What's New | Solidcore Blog

ATB Financial prevents change related outages

Tue, 22 Jul 2008 12:51:41 -0400

Taps Solidcore S3 Control to enforce change policy

ATB Financial, one of the largest financial institutions in Canada and the fastest growing bank in Canada, is implementing Solidcore’s S3 Control software to gain visibility over changes across its IT environment and prevent change related outages. ATB is standardizing on Solidcore to increase its IT service availability and streamline change processes.

According to Michael Redeker, vice president and chief technology officer for ATB Financial, “Our IT infrastructure is at the heart of providing exceptional customer service, and as a leading financial institution we cannot afford to have unauthorized change compromise the availability of the network and systems that propel our financial services. Solidcore is the key to managing change across our IT environment, and we look forward to using the S3 Control product to verify that our IT change management best-practices are followed and unauthorized change is not allowed to occur on our critical systems.”

Solidcore's David Walker noted, “Rigorous demands are often placed on the IT group of a financial institution, which often translates into an increased number of file and configuration changes across the infrastructure, and a greater risk for unwanted change. If you are not using Solidcore to detect and stop unwanted change, you are playing Russian Roulette with your IT infrastructure. We are excited to see ATB Financial join a rapidly growing portfolio of customers that are eliminating change-related risks and outages with Solidcore’s real-time change control.”

Tony Thompson
Corporate Marketing & Communications
tthompson@solidcore.com

Insider IT Sabotage - Super Villain of the Digital World?

Mon, 21 Jul 2008 14:29:13 -0400

San Francisco network sabotage leaves administrators feeling helpless

It's still "dark" within the city of San Francisco's network and IT organization after it was determined one of its own network administrators went rogue and changed passwords and allegedly enabled lock-out code preventing any others from accessing the key components. He is still holding the master password for ransom.

According to Insider Threat Research from CERT there most likely would have been pre-cursory warning signs:

Summary of Observations made within a study conducted by CERT, US Secret Service and the National Threat Assessment Center

- 90% of Insiders were granted system administrator or privileged system access when hired by the organization

- 57% of Insiders were perceived as being disgruntled due to unmet expectations

- 92% of Insiders attacked following a negative work-related situation such as termination, dispute with employer, demotion or transfer

- 87% of Insiders performed technical precursors prior to the attack that were undetected by the organization

- 75% of Insiders created access paths unknown to the organization, 57% did not have authorized system access at the time of the attack

- 93% of Insiders exploited insufficient access controls

This should be chapter one in the "Worst Case Scenario" book for CIOs and corporate boards.

Ensure that controls are in place to allow IT administrators (role) to perform their duties (responsibilities) within their job function and scope (segmentation). However monitor, track and alert on all password changes to ensure that the keys to the digital foundation of your organization are not enabling IT Sabotage and or malicious hi-jinks.

This type of drama is unfolding like a comic book, similar to the Marvel comic character Rogue, who at times is good, at times is evil but shares one trait with today's Digital Super Villain - the ability to absorb the powers of others. This could even be exemplifed by the modern day boxoffice thriller Hancock.

Bottom line: Don't let your controls only be policies on paper. Make sure you have the power of enforcement!

Kim Singletary
Director of Embedded Solutions
ksingletary@solidcore.com

Rajesh Rajamani
Product Manager
raj@solidcore.com

Credit Card Theft Blame Game

Thu, 10 Jul 2008 20:58:19 -0400

Cardtronics owned 7-Eleven ATMs uncover a new blame game for who is responsible for credit card thefts

The 7-Eleven/Citibank ATM breach points out the complexity of field deployed self-service kiosks and ATMS. They may be convenient but transactions take a very different path versus a bank-based ATM on the outside of their branch, securely connected on the corporate network.

Using networking lingo, how many "hops" does it take to get a single transaction processed from the remote ATM?

My hypothesis is the following steps:

1- Local processing at the ATM itself

2- Network transport provided by regional and local players to give connectivity

3- Transaction processing of several remote ATMs to aggregate back-end servers within 7-Eleven or Cardtronics "vcom"

4- Connectivity to the third party payment acquirer contracted by 7-Eleven or Cardtronics to provide settlement services

5- Payment Acquirer connectivity and settlement services with Citibank

This is a good example of semi-trusted cooperative networking at its best. The Payment Card Industry Data Security Standard (PCI DSS) expects that compliance is upheld with all those that touch a payment network. However compliance takes people, process and technology, and it is only a baseline for security. The PCI core strategy is know who is accessing the network and log activity, and to monitor for exceptions. When you outsource or trust a service provider, then who is to blame? With all of the hops listed above, can you believe that a single piece of malware went unoticed at some point in this scenario?

Trust and Faith in partners and suppliers is appropriate. But I also like Control and Prevention. Like many of our current customers, they know that Preventing and Detecting Change is important, that's why Solidcore is used today in over 60,000 ATMs worldwide!

Kim Singletary
Director of Embedded Solutions
ksingletary@solidcore.com

What's New | Solidcore Blog

ATB Financial prevents change related outages

See Also

Insider IT Sabotage - Super Villain of the Digital World?

See Also

Credit Card Theft Blame Game

See Also