Pub. 8 2019 Issue 2

Summer | 2019

between workstations and other end-user devices, effectively preventing or significantly hindering lateral movement by an attacker. A-Bank has also eliminated password re-use throughout their bank. Each system has unique passwords for any local accounts. Service accounts also utilize unique passwords. These are all managed by a Privileged Access Management system. A final foundational control A-Bank has implemented is a program to centralize all server, firewall, DNS, DHCP and other logs. These logs are archived long-term. Alerts are also configured to identify basic suspicious activity, and reports are reviewed daily by the information technology team.

B-Bank

Established in 1906, B-Bank has an asset size of roughly $430 million. They first got into technology with one workstation over thirty years ago, and their technology footprint and network have grown organically since. B-Bank has a limited information technology budget and is also conservative when it comes to financial and technical risk. They do not currently offer services like mobile check capture, merchant remote deposit, and wire or ACH services via Internet banking. While B-Bank has a lower overall risk than A-Bank, they have not implemented many of the foundational controls that A-Bank has. B-Bank has a patch management program where they apply Microsoft and a few other patches. Additionally, B-Bank is running a virus and malware protection program on all systems.

Threat Hunting Effectiveness

Threat hunting would be beneficial at both banks. However, due to the limited information technology budget and lack of foundational cyber security controls, B-Bank would see the greatest impact on their cyber security posture by spending their time and money implementing some of the controls outlined in the Top 20 Security Controls by the Center for Internet Security, or the NSA Top 10 Cybersecurity Mitigation Strategies.

A-Bank already has a mature cyber security posture and is well positioned to deploy threat hunting teams in their network. Periodically, new cyber security controls become available. Be careful not to implement a control just because the technology or practice is the latest cool thing. Evaluation of the control is an important part of any new cyber security acquisition and, if properly done, will ensure the greatest return on the investments of time and money.

Ty Purcell is a Security and Compliance Consultant for CoNetrix. CoNetrix is a provider of information security consulting, IT/GLBA audits and security testing, and Tandem – a security and compliance software suite designed to help financial institutions create and maintain their Information Security Program. Visit our website at www.conetrix.com to learn how CoNetrix can improve your Cybersecurity maturity.

https://www.cisecurity.org/controls/
https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf
