After reading several alarming stories about spear phishing attacks that infect a company's internal PCs with malware and enlist them in botnets, giving criminals a way to access and browse around the network, John Shields, CTO of Patelco Credit Union, recently installed a network access control system that monitors all network activity and detects anything suspicious.
San Francisco-based Patelco is one of the largest credit unions in the U.S., with more than $4 billion in assets, two data centers and 47 branches throughout California. It uses Cisco switches and routers, HP servers and Microsoft applications throughout its networks. The network access control system, Counteract from Forescout, was installed on 1,500 endpoints across the network within two weeks.
The software monitors network traffic to detect types of behavior that it then classifies. If it sees one computer talk to several others, that could be abnormal, suspect behavior that triggers an alert; the IT staff might then block that device on the network. While the NAC system can block devices automatically, Shields has not yet turned this feature on. "Our concern is that we don't want to block something that looks suspicious but isn't," says Shields, who gave Bank Systems & Technology an exclusive interview.
The software helps the credit union comply with Sarbanes-Oxley-like regulations (credit unions aren't subject to SOX, but they have similar regulations). "We need to know what devices and services people are accessing and the confidential nature of the services," Shields notes. The system also scans all computers to check whether their antivirus software and operating system patches and updates are up to date. If anything is out of date, the software automatically launches the update process.
Although fortunately the software hasn't detected any criminal activity yet, Shields can tell that it is working. "Today, we had a vendor come in who tried to plug in his laptop; the software alerted us and we were able to remediate that right away," Shields says.
Shields has not tried to define a return on investment for the software, but considers it a necessary part of doing business.
Next on his anti-fraud agenda: turning on the software's automatic blocking feature, so that when potentially malicious activity is detected the device can be automatically locked down.