December 01, 2005

Company: Cole Taylor Bank

Project Leader: Erik Hart, Vice President and Information Security Officer

Technology In Focus: Security Event Management (SEM)

Problem: Cole Taylor needed to identify and protect against security breaches in its Windows servers. At the same time, it had to prove compliance with SOX and Federal Reserve rules.

Solution: The bank augmented its security infrastructure with a SEM appliance.

Bottom Line: The SEM appliance allows Cole Taylor's 23-person IT department to control and monitor the security events on all 180 or so of the bank's infrastructure devices. Without it, Hart estimates he'd need an additional full-time employee to meet regulatory security requirements.


How do you meet regulatory demands that require you to log, monitor, and audit the security-related activity of a network infrastructure that generates millions of events a day? If you're Erik Hart, the information security officer and a vice president at Cole Taylor Bank in Chicago, you turn to one of the IT industry's fastest-growing technologies: Security Event Management (SEM).

Vendors tout SEM as "SOX-in-a-box"--technology that delivers a ready-made cure for compliance with the Sarbanes-Oxley Act. But the banking industry is subject to many other rules, so Cole Taylor needs SEM for more than just SOX. "It allows us to show that we have key IT security control functions in place," says Hart. That's critical for complying with the strict standards set by the Federal Reserve. "And it permits us to test IT security performance against real events," he adds.

SEM also helps the bank's IT staff get more work done. Hart estimates it saves about 20 man-hours per week. "Because of this, Cole Taylor Bank didn't have to hire another person," he says. With the staff no longer manually monitoring Cisco hardware and defending Microsoft servers, people are freed up to concentrate on other projects as the bank expands.

[Figure: Capturing A Security Event]

SCRIPT KIDDING

After an inauspicious founding at the onset of the Great Depression, Cole Taylor has become Illinois' largest independent bank, with 11 branches throughout the Chicago area and a total of nearly $3.5 billion in assets. It outsources its customer-facing Web operations, but the 23-person IT team is still responsible for running the company's internal e-mail and Web servers. Although they're intended for internal use only, the servers are exposed to the Internet and are thus subject to a wide variety of attempted attacks.

Hart doesn't want to go into too much detail about the specific software he's running or its vulnerabilities, but he does admit Cole Taylor is a Microsoft shop. As for the attacks against it? "The usual," he says. "Script kiddies trying to run an executable on our Web site, trying to hack into our Web site."

The bank's servers keep logs of all activity, but identifying script-kiddie offensives is difficult due to the huge amounts of data involved. Unlike the "old days" when banks relied on paper documents, personal meetings, and written signatures, a large percentage of banking transactions now take place electronically, and the volume is increasing all the time.

"It would be nearly impossible to see those types of attacks by trying to comb through hundreds of megabytes of pure text," says Hart. "You can't do that with the standard Windows logging capabilities."