08:47 AM
Connect Directly

Ingrian Networks Helps Union Bank Protect Customer Data Better

Vendor's DataSecure platform boosts bank's encryption capabilities and improves key management.

Few companies want to secure and protect their customers' data more than financial services firms. One security breach can irreparably damage customers' trust. Laws such as the California database-breach disclosure law, known as SB 1386, which requires customer notification when certain types of financial information are disclosed unless they're encrypted, are giving companies new reasons to lock down customer data further.

Union Bank of California (a subsidiary of San Francisco-based UnionBanCal Corp., $46.1 billion in total assets) has done a good job with security, including thwarting network, denial-of-service and other types of attacks, says Bob Justus, senior vice president of corporate information security and IS/IT contingency. But it's not stopping there. "Now we're improving security throughout the full business application process," he says. Union Bank is installing Ingrian Networks' (Redwood City, Calif.) DataSecure Platform to bolster encryption and better protect data such as Social Security numbers and financial information stored in applications, databases and storage systems.

Key Management Key Tool

Justus says he was looking for a centralized platform that includes more granular encryption, key management that supports federal encryption standards and common digital-certificate-management functions such as access logging and auditing.

One of the biggest problems with using the encryption tools that come with applications and databases is key management, Justus says. With most applications, the keys used to encrypt and decrypt the data need to be stored on the same server as the application. If the system is circumvented in some way, the keys are there and available to the attacker, and "you don't get the full value from the encryption," he says. Ingrian Networks' key-management technology doesn't require the keys to be stored locally, Justus says.

Increased pressure to encrypt data will be "one of the biggest security challenges" over the next three years, says Pete Lindstrom, research director at research firm Spire Security (Malvern, Pa.). "You're talking about obfuscating data, and that can make data very difficult to manage," he says.

Ingrian Networks also adds protection against the next software vulnerability. "There always seems to be some new vulnerability issue coming up. You patch and do the best that you can, but there's always the concern of a new zero-day attack," Union Bank of California's Justus says.

Pricing for the DataSecure Platform starts at $32,500.

This article, written by George V. Hulme, originally appeared in InformationWeek, a sibling publication of Bank Systems & Technology.

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.