Trusted solutions for financial industry
According to the world's leading experts, banking area may lose more than 1 trillion USD from cyber attacks by 2022. The attacks’ main target will always be financial institutions because it is the place where money is. Cybercriminals aren becoming increasingly sophisticated which requires information security departments to continuously monitor advanced protection technologies.
A cybersecurity strategy needs the full involvement and support from the C-suite and board. Senior leaders don’t always fully understand some of the risks the firm has taken on, whether explicit or implicit—but you should. Make sure that your business plan has a cybersecurity component. It’s not complete without one.PwC report “Top financial services issues in 2018”
Since 2018, many Indeed Identity customers from the financial sector faced the need to comply with the PCI DSS. For the first time, multifactor authentication became mandatory for organizations using such payment systems as Visa, MasterCard, American Express, etc. At the same time, according to Positive Technologies research, the use of dictionary passwords takes the 3rd place in the list of vulnerabilities in the bank’s network perimeter. Thus, the implementation of strong authentication became inevitable.
Internal security threats presented as malicious intent or employees’ negligence gave an impulse to search for non-standard solutions. BelarusBank (14th place in The Banker’s Top 25 Central and Eastern European Banks) needed consistent and reliable authentication of a transactions officer and shift supervisor. The existing model where a senior employee confirmed operations by using a simple password reduced the transaction security to zero.
The infrastructure of financial institutions always assumed the presence of users with “the highest level of access.” Their powers are often exceptional and, as a result, become a separate subject of control. Also, high-tech software of financial companies requires daily support from vendors and support services. To monitor their actions is crucial.
To protect against the unusual scheme of digital robberies, we advise financial institutions to treat cybersecurity in a highly responsible manner, especially to pay particular attention to controlling connected devices and access to the corporate network.Kaspersky Lab
The expansion of interaction of bank employees located in remote offices brings the need to protect corporate mail, electronic documents workflow and communication channels. Applications involving the use of digital certificates as an electronic signature, encryption and employees authentication made it necessary to manage PKI.
Protection of corporate workplace with biometric authentication.
Using passwords for authentication might involve a number of cyber security risks and may also be a cause of employee inefficiency. Biometric authentication technologies can be used to eliminate the problems related to password usage. The users do not utilize complex or longer passwords, as a rule, because these are difficult to create and memorize. This allows an intruder to mine employee account passwords quite quickly.
Protected information resources:
- Cloud applications with the use of SAML (Web SSO) protocol
- Microsoft web application with authentication through ADFS
- RDP access
- VPN access
- Own applications by embedding API
The employees use one and the same password for all applications and services quite frequently. This makes the problem even worse, since, having mined the password to one of the systems, an intruder gains access to all the resources available to the compromised user. The Indeed Access Manager solution makes it possible to use different biometric authentication methods in a broad range of corporate applications.
Biometric technologies eliminate passwords from an employee everyday practice and demonstrate the following advantages: higher security level, inalienability of authentication data, comfort of use.
- Palm vein pattern
- 2D & 3D face recognition
Meeting the requirements of PCI DSS standard to user authentication.
Indeed Access Manager is the universal authentication system, designed to implement strong and/or multi-factor authentication in any enterprise systems. Enterprise Single Sign-On technology is also supported.
- One-time passwords (OATH TOTP, HOTP, SMS, Email)
- Smart cards and USB tokens
- Push notifications
- RFID cards
The Indeed Identity products allow implementing all the mentioned authentication technologies combinations. The list of supported authentication scenarios can also be expanded upon request.
Fully control and track usage of privileged accounts.
Another task to solve was control of administrators activity. To do so, the companies deployed a solution to manage privileged access based on Indeed Privileged Access Manager product. The solution allowed to switch from the obvious use of administrative passwords to gaining access through a single control system.
- who is granted access
- what privileged accounts access is granted to
- what resources access is granted to
- for what time
- what session records should be made
Administrative staff no longer knows privileged credentials and cannot compromise them. All administrative sessions are recorded in the video and text format which makes it possible to conduct investigations in case of any violations
To solve problems connected with Public Key Infrastructure (PKI) management, Indeed Certificate Manager has been installed in the companies.
The system implementation helped to solve Customer’s following tasks:
- To automate the digital certificate issue. The list of certificates to issue is set centrally, based on a policies mechanism. The system provides a single and convenient interface to work with smart cards of various manufacturers and models.
- To perform a number of operations connected with smart cards, for example, to renew certificates or unlock a smart card, without putting an additional burden on the department of information security. For this purpose, users receive a self-service made in the form of a web application.
- To automatically meet the regulators’ requirements. The system keeps records of smart cards and digital certificates in accordance with the legislative requirement.
- To centrally distribute PIN code policies to all the smart cards used in the enterprise. The system usage ensures that all smart cards have the same PIN settings.
Smart cards types supported by Indeed CM:
- eToken by SafeNet
- ID Prime by Gemalto
- Indeed AirKey Enterprise
- Many others
Indeed Identity solutions allowed both to implement standard information security scenarios and overcome unique challenges faced by financial companies.
Complying with the PCI DSS was one of the results of implementing Indeed Access Manager in the customers’ infrastructure. It also provided secure access from outside the infrastructure using two-factor authentication (domain password and OTP).
Indeed Identity readiness to customize the solutions according to the customers’ needs allowed implementing non-trivial scenarios.
Biometric authentication became an easy but highly secure solution in situations where the transaction’s subsequent confirmation is required. Now, to confirm the operation done by a regular employee, a shift supervisor only needs to authenticate himself by fingerprint.
Thanks to Indeed Certificate Manager that managed the electronic signature and certificate life cycle, many banks, Indeed Identity clients, significantly increased the infrastructure security and made incident investigation faster and easier.
Indeed Privileged Access Manager made it possible to switch to the access model without using administrative passwords explicitly. It significantly reduced the attack area in this segment and increased the transparency and security of privileged access.
Smart cards account, management of certificates life cycle, implementation of self-service for company employees largely unloaded information technology department and increased the economic efficiency of this service.