When the Federal Reserve Bank of Chicago completed its Annual Federal Reserve exam of Rosemont, Ill.-based Cole Taylor Bank ($3 billion in total assets) in 2003, examiners suggested that the bank replace its various network monitoring point solutions with an enterprisewide system in order to track employee access to data better. "They said we were not collecting monitoring information like we should be," recalls Erik Hart, vice president and information security officer, Cole Taylor Bank.
So the bank began searching for an in-house monitoring solution that would support all of the network devices across its 12 branches. Hart explains that he wanted a solution that could be implemented on a number of different systems without the complications of managing agents.
In early 2004, Cole Taylor -- a Cisco (San Jose, Calif.) shop running Microsoft (Redmond, Wash.) Windows -- examined security event management systems from GFI (Cary, N.C.), Computer Associates International (Islandia, N.Y.) and Network Intelligence (Westbrook, Mass.). According to Hart, for Cole Taylor, Network Intelligence's solution offered the most comprehensive monitoring of devices -- including routers, firewalls and proxy servers -- and provided the strongest policy and alerting functions. So, later that year, the bank chose to implement Network Intelligence's Engine solution, which includes the vendor's enVision monitoring software housed in its HA series network appliance.
EnVision took only six hours to install, relates Hart. Though no additional hardware or software was required for the implementation, additional programming was needed to enable the software to log on to the bank's legacy network devices and applications that were to be monitored. Cole Taylor initially deployed enVision in a test environment to determine which ports in its segmented network needed to be opened to enable the solution to monitor the network. The bank then went live with enVision in the third quarter of 2004, relates Hart.
Using the Network Intelligence Engine, Cole Taylor has established policies and events that trigger notification. Without the solution, "There's no practical way to monitor 175 [access] logs manually," Hart says, referring to the number of devices enVision monitors at the bank. The software assigns access rights to employees and notifies bank officials of unauthorized attempts to access data. The software can then trace the action back to the time and device where the violation occurred. "We're able to do real-time alerting and reporting without any increase in the security staff," Hart says. Bank officials can utilize the software's more than 700 built-in reports or customize their own.
The Network Intelligence solution, says Hart, has reduced the time and money spent on Sarbanes-Oxley, Gramm-Leach-Bliley and other exam reporting. He estimates that the time spent on SOX reporting alone was reduced by 50 percent over the past 12 months, saving Cole Taylor $500,000. And Hart expects the bank to gain more benefits as it learns all of the software's reporting capabilities.
When the Federal Reserve conducted its next review of Cole Taylor in 2004, examiners were pleased with the bank's new monitoring capabilities, says Hart. "When it came to SOX testing and controls, we were all set."
- Institution: Cole Taylor Bank (Rosemont, Ill.).
- Assets: $3 billion.
- Business Challenge: Provide comprehensive monitoring of network devices and applications.
- Solution: Network Intelligence's (Westbrook, Mass.) Engine solution, including an HA series network appliance and enVision security event management software.