Information Security News mailing list archives

Bank adopts 'security data warehouse' to fight persistent security threats


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 26 Oct 2011 03:03:53 -0500 (CDT)

http://www.networkworld.com/news/2011/102511-zions-security-252371.html

By Ellen Messmer
Network World
October 25, 2011

Zions Bancorporation has set up a massive repository for proactively analyzing a combination of real-time security and business data in order to identify phishing attacks, prevent fraud and ward off stealthy hacker incursions known as advanced persistent threats.

"This system allows you to start leveraging disparate types of events around the organization, such as patterns of behavior in your network," says Preston Wood, chief security officer at Zions, in discussing how the Salt Lake City bank-holding company, which has over $51 billion in assets, has set up its data-mining analytics for security purposes.

The foundational tool for Zions is the Zettaset Security Data Warehouse, based on open-source Hadoop for data-intensive distributed applications. Wood says that for him, the approach is a huge change because it relies on making security decisions based on mining business intelligence and combining it with security-related event data from security devices.

Today, security analysis more typically relies on what's known as security information and event management (SIEM) tools, which can aggregate security and other technical information for a bird's-eye view of network activity or detect possible unauthorized actions. Wood says that's fine in and of itself, but it's now possible to go further through correlation of business activities, based on feeds from other sources too.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn

