Financial Services

Security & Compliance Solutions for Financial Services

Financial services companies face a variety of security and compliance challenges. Sarbanes-Oxley mandates require that only authorized personnel have access to financial information, and that strict policies and procedures are adhered to in order to fulfill that requirement. GLBA requires security risk assessments, security solutions that effectively detect, prevent, and allow timely incident response, and auditing and monitoring of the security environment. If credit card transactions are processed, the additional regulatory requirements of PCI-DSS must be satisfied.

At a minimum, this requires a unified security approach consisting of data security, fraud and data leakage detection, and log and event management.  Furthermore, the appropriate user, asset and policy context must be applied, in order to produce comprehensive, high-quality compliance reports that will address the specific needs of a compliance auditor.

 

  • Overview
  • Data Security
  • Insider Theft
  • Compliance

NitroView combines active network protection, database and application monitoring with centralized information management, assessment and reporting, to address the specific challenges faced by the financial services industry, using one or more of the following:

  • A firewall and Intrusion Prevention System (IPS) to provide active protection against a breach.
  • A Data Security system to monitor, protect, and log all access to sensitive data.
  • An application monitoring system to detect data loss and protect against insider theft.
  • A Log Management system to store all logs in a secure manner, for audit purposes.
  • A Security Information & Event Management system (SIEM) to bring all the required event and asset data together, for incident detection, response, and reporting purposes.

NitroView continuously monitors database activity to protect data at its source. NitroView monitors all user logins, logouts, and failed login attempts as well as unauthorized access attempts. It analyzes all access paths to protected data--whether from applications, users, viruses, worms, trojan horses, utilities, "back-doors," queries, LAMP scripting, ODBC utilities, etc., regardless of the password or privileges of the user, and alerts on all suspicious activity.

All database activity is also logged, producing a complete audit trail suitable for GLBA, PCI, and SOX compliance requirements, making it easier to obtain and sustain compliance.

In addition, NitroView can see inside the contents of applications such as email, chat programs, and web browsers, and can detect the presence of sensitive data such as credit card numbers.  This allows NitroView to detect violations in data usage policies, ensuring that protected data isn't being mishandled.

The theft of confidential information is a primary concern among financial institutions, which is why NitroView provides visibility into sensitive data both when at rest, using dedicated network database monitoring, and when in motion, using application data monitoring.

This allows NitroView to know when information has been accessed illegally or outside of internal policies. If information is accessed legitimately, NitroView's application data monitoring ensures that it isn't misused, by monitoring email attachments, web form posts, instant messages, and hundreds of other applications to ensure that data isn't being stolen or leaked. NitroView can even monitor printer, fax, and VoIP protocols.

When suspicious activity occurs, NitroView sends real-time alerts containing the information needed to fully identify the perpetrator, the nature of the suspicious activity, and other pertinent information so that the situation can be handled appropriately, in line with incident response instructions provided by PCI and other regulations.

Security events and logs aren't always human readable, and a report that makes perfect sense to a security analyst might not mean a thing to a compliance auditor. That's why NitroSecurity worked closely with experts in PCI and SOX compliance, to provide a comprehensive set of compliance reports out of the box.

NitroView then helps you to collect the information that you need -- such as data access records -- apply the necessary context, and produce reports that are organized and formatted appropriately ... all from a centralized, automated system.

Is there any way to make compliance easier? We thought so, and so we've included a real-time dashboard for every compliance report, so that you can manage your compliance in conjunction with your daily security operations, and remediate any compliance gaps as they occur, instead of waiting until after the audit.