America First Federal Credit Union - Security
Host-based security system strengthens protection at America First Federal Credit Union
Mountain States Networking Helps Strengthen Security at America First Credit Union
Systems integrator teams with Cisco to help thwart security threats proactively
America First Federal Credit Union (AFFCU), a member-owned financial cooperative formed in 1939, is a $4.5 billion institution with 1,700 employees and 88 branches.
A leader in the financial services industry, AFFCU recognizes that malicious attempts to breach any network – such as the infamous Blaster worm – pose a constant data security threat. With millions of laptop computer users and the growing popularity of convenient online transactions, no organization is immune to the danger.
Cody Hatch, Network Systems and Security Manager, says while there may be only a handful of security people working at any financial institution, there are unlimited people who might attempt a criminal act.
“We need to be right 100 percent of the time,” Hatch said. “Because someone determined to take malicious steps against our members needs to be right only once.”
In the world of network security, however, Hatch feels there are few absolutes. AFFCU didn’t feel it was prudent to rely solely on vendor application security, patches and antivirus signatures and, Hatch said, “sought to find and utilize a system much more agile and customizable for our needs, giving us the means to take proactive action.”
The team also sought a program that would allow them to more easily note how applications were behaving, receive system alerts and complete “activity scrubs” so network information could be collected and evaluated for signs of threats.
Beginning in 2004, more proactive network security measures became the AFFCU network security team’s goal.
Security incident monitors at AFFCU had been generally successful in mitigating risks. “However, those monitors were cumbersome and not customizable in ways that would have allowed us to be more proactive,” said Hatch.
To help, AFFCU turned to Mountain States Networking, a Cisco Systems Gold-Certified partner headquartered in Salt Lake City, Utah, serving the Intermountain West. Mountain States had been a partner with AFFCU for several years, providing networking infrastructure and network security systems. AFFCU’s security team set out a plan for demonstrations, testing and evaluations of upgraded security monitoring and alert systems that would deliver a solution.
According to Eric Lee, Mountain States Networking’s account manager, AFFCU’s requirements for tighter security “included data security and account protection, first and foremost. But the system also needed to go beyond monitoring against attacks. It needed to be customizable and leveraged in numerous ways.”
Comprehensive tests pave the way
As a potential solution for host-based protection, Hatch and Mountain States Networking collaborated in arranging demonstrations and testing of a Cisco host-based security device.
The device combines zero-update attack protection, data-loss prevention and signature-based antivirus in a single agent. It is designed to allow AFFCU to conduct proactive security monitoring and not rely solely on antivirus applications sitting on desktops.
Additionally, a customizable Cisco® Security Monitoring, Analysis, and Response System (MARS) was loaned for the test. MARS integrates network intelligence and correlates network anomalies and security events, validates incidents, investigates them, and mitigates attacks while monitoring the overall system.
MARS was used to correlate all of AFFCU’s intrusion detection, anti-virus, firewall, server, and application logs, as well as customized events from other systems.
Mountain States Networking assisted in selecting a correctly-sized security device for the test, configuring it, determining where to place the device in the network, and then deciding what incidents should be sent to it to verify system parameters.
“We threw everything we could at the security system,” Hatch recalls. “We extrapolated a number of events we might get in a production environment, sized the device appropriately, saw how it would glean relevant information from the network, and learned how customizable it would be. We didn’t have to babysit it.”
The security team sent tens of thousands of events per minute at the device, and the testing confirmed that threats were isolated and identified.
“The system was quick to respond,” Hatch said. “I was surprised how well it handled the flood of data we sent to it and how much it could be customized. Other security monitoring systems would have bogged down.”
The successful testing resulted in AFFCU’s purchase and installation of the equipment from Mountain States Networking.
Reports instantly identify attempted attacks
The security monitoring system, installed on all employee desktop and laptop computers, generates analytical reports hourly and daily based on hundreds of custom rules. Events and alerts are delivered in real time to MARS, and reports are generated to help AFFCU monitor intrusion attempts into the systems and firewalls.
Today, AFFCU is getting a wealth of information from the system, Hatch reports. In addition to the real-time alerts on critical issues, data is sifted and mined for relevant security information.
The system, for example, has successfully blocked attacks in which Internet sites attempted to exploit vulnerabilities found within Adobe when patches had not yet been issued.
“We have a custom rule in MARS letting us know when an application starts behaving like Adobe does,” Hatch said. “We have caught several Web sites attempting to compromise PCs. We know about it when it happens because the security device logs in to MARS and MARS triggers the custom rule.”
What’s true ROI?
Blocking and identifying malicious code “is something you cannot put a price tag on. It’s hard to put a dollar figure on its value when the system gives us the tools to prevent a single damaging attack from succeeding,” Hatch says.
He was pleased to discover substantial buy-in to proactive security measures among AFFCU’s management ranks.
“Identifying, mitigating and managing risks in an affordable way are issues our leaders understand and act upon,” Hatch said.
As for his relationship with Mountain States Networking, Hatch says Cisco and other vendors “are introduced to us in a transparent way. You would think Mountain States and Cisco were one company. I have significant trust in its staff. You don’t know the true intent of some integrators. With Mountain States, we know they have our best interests in mind.”