PSCU is a credit union service organization (CUSO) that helps nearly 700 credit unions provide competitive service offerings to their customers, including debit and credit cards, electronic banking, online bill payment, mobile banking and more. With PSCU, credit unions can attain new revenue streams, reduce costs, and provide innovative servicing to their customers.
The financial sector is one of the most targeted industries for data theft, often by organized, profit-driven cyber criminals seeking data that can be readily converted into cash. Organizations in this sector require the highest level of security for their regulated and sensitive information. PSCU was aware of these threats and was concerned about the potential consequences to their bottom line and reputation in the event that malware were to penetrate their data center.
“Our decision to purchase FireEye and Imperva resulted from a change in philosophy. Like most companies, we were focused on protecting the perimeter, but with the advanced threats we’re seeing today, you can’t stop people from getting inside,” says Bradley Walker, IT Security Manager. “We decided to take a data-centric approach, to concentrate on making sure they can’t get to our business-critical information.”
“As a financial institution, we fall under PCI regulations. In addition to protecting cardholder data, we wanted a solution that could be used for defending against advanced targeted attacks,” says Richard Bennett, Senior Security Analyst at PSCU.
Advanced targeted attacks are multi-phased, and organized explicitly to bypass the security perimeter, often targeting company employees as an entry point. The company had tokenization and encryption technology in place to protect sensitive information; however, PSCU understood that the ability to monitor all access to sensitive information and respond to suspicious activity in real-time was a critical step toward enhancing their security posture. In order to monitor privileged users—a prime target of advanced attacks—and locate unauthorized copies of databases, such as those used by developers, the company sought a database audit and protection (DAP) solution.
Advanced targeted attacks are challenging for organizations to detect because these attacks aim to operate under the radar. To help detect advanced targeted attacks, which often leverage malware, PSCU wanted a dedicated malware detection solution to add to its layered defense strategy.
“After evaluating other vendors, we chose Imperva’s Database Firewall solution because it’s best in the breed—we purchase based on that criteria,” says Walker. SecureSphere audits all access to sensitive data in real-time across PSCU’s database platforms and includes powerful analytics and reporting. The product also locates sensitive data within databases to help PSCU focus their security efforts, and offers assessment tests to identify unpatched vulnerabilities or poorly configured security settings.
After testing competing products, PSCU chose the FireEye malware detection solution based on its robust virtual execution engine coupled with an easy-to-use interface. Evaluation criteria included the ability to protect against multifaceted attacks and prevent any data exfiltration attempts from command-and-control (C&C) servers. “Before we implemented FireEye, we were blind to malware on our network; we needed to establish a baseline,” states Walker. “Now we understand where malware is entering our network and its source.”
Because of product-level integration between SecureSphere Database Firewall and the FireEye Malware Protection System, PSCU was able to uniquely leverage the two as a component of their anti-malware security program.
Incident Response Process
PSCU sought to incorporate a remediation strategy as part of its malware incident response process. For PSCU, an effective remediation strategy includes a layer of protection closely positioned around their data center assets, which can prevent malware from reaching those assets. The FireEye Malware Protection System identifies infected hosts and passes that information to Imperva SecureSphere. SecureSphere uses this actionable intelligence to prevent infected machines from accessing sensitive database information. By selectively isolating access to specific data, PSCU has significantly reduced security risk while disruptions to the end-user and ongoing operations have also been minimized.
“FireEye and Imperva are sitting at the front-end, operating as an early warning system,” says Walker. “When FireEye detects a compromised device, it feeds that information into SecureSphere Database Firewall, where we’ve set up security policies to block that particular device from accessing any kind of sensitive data.”
SecureSphere’s detailed audit trail serves as a tool to perform forensic investigations and accelerate the incident response process. Additionally, by monitoring database activity in real‑time, Imperva establishes a baseline of normal user access patterns and responds to material variances in behavior as a second layer of coverage.
By partnering with FireEye and Imperva, PSCU’s sophisticated IT Security team has achieved an end-to-end solution for detecting malware and protecting their data center from targeted attacks. They are looking to roll out the Imperva-FireEye integration to secure their unstructured file data in the future.