Banks these days simply can’t fly by the seat of their pants when it comes to security. They not only have to answer to government regulators, but investors and customers as well. Unibank CJSC in Yerevan, Armenia knows this as well as anyone. The answer to many of its security, governance and regulatory challenges is a one-two punch from GFI Software. The bank deployed GFI EndPointSecurity® and GFI EventsManager®.
Unibank has been using software from GFI for seven years – half of the bank’s entire existence – so long that the memory of alternatives has grown faint.
“Before I selected this product, I tried many alternative programs. It was so long ago that it is hard to remember the list of alternatives and their inconsistency in meeting requirements,” said Elen Mikayelyan, head of system and network administration for the bank.
One area of exposure identified by Unibank was data leakage through USB devices and other portable devices that carry data. The bank needed a way to “prevent data outflow to portable devices by controlling, auditing and securing access to removable devices,” said Ms. Mikayelyan.
That is the very purview of GFI EndPointSecurity®, which secures endpoint devices and stops data breached by controlling USB drives, iPods, thumb drives and other endpoint devices that can store data.
Unibank was also concerned with understanding network traffic and the threats its poses, and here the bank needed “real-time centralized event log monitoring for critical security incidents from all types of systems and devices, and periodic analysis of security-relevant logs,” Ms. Mikayelyan noted.
That solution came in the form of GFI EventsManager®, which does event log monitoring and analysis, management and log archiving.
The 14-year-old Unibank can’t take compliance and security issues lightly. Corporate governance and risk management are critical to the bank’s reputation, to protect commercial and retail customers, and avoid liability. The bank doesn’t just provide deposit and loan services, but credit and debit cards, investment and settlement services as well, among other services.
“Risk management in Unibank specifies a complex system of interrelated activities which is directed to prevent and minimize potential losses,” the bank explained. “The ultimate goal of the bank in relation to the Risk Management is preservation of Bank’s capital and assets on the high level by minimizing risks.”
Some compliance standards apply nearly the world over, and two of these apply to Unibank – PCI-DSS and ISO 27000. The PC-DSS standard is designed to protect credit card and similar online transactions, which can be a key area of exposure for the banks that issue and must stand behind the cards.
ISO 27000, meanwhile, represents a series of international standards related to information security – and helps to define a so-called Information Security Management System (ISMS). ISO 27000 revolves around protecting information, the lifeblood of any bank, and refers to information contained in IT systems and even stored in paper documents and other forms.
IT, in most cases, is not the owner, but the custodian of the data and is obliged to protect it. Fortunately for Unibank, the duo of GFI EndPointSecurity® and GFI EventsManager® offer a high level of information security, helping Unibank to remain in compliance, Ms. Mikayelyan said.
Features and functions are all well and good, but mean nothing if the software is hard to install, manage and use. Fortunately Ms. Mikayelyan found GFI tools have an “easy and effective administration process. I haven't encountered any serious and unsolvable difficulties while installing, configuring or during administration of GFI products.”
Furthermore, the GFI tag team of security tools makes IT life easier. “It saved my operation time: there is a one-time easy initial installation and configuration process, with easy ongoing management,” she said.Not all tools are perfect and Ms. Mikayelyan has a few ideas for improvement. “It would be great for me if there was a web Interface, multilevel user access to administration console with different permissions, and detailed administration/configuration actions logging,” she concluded.
Disclaimer: All product and company names herein may be trademarks of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice.