A couple years ago, good security meant a good firewall at the periphery of a bank's network. Today, given the range of internal and external threats at financial institutions, that's no longer enough. Instead of installing security appliances at key locations, banks like Fayetteville, AR-based ANB Financial are turning entire networks into security systems.
Founded in 1994, the bank grew to $650 million in assets in just over a decade. ANB has always been aggressive with new technology, being an early adopter of imaging, Internet banking, mobile ATMs and VoIP. And to stay ahead of the security curve, the bank's rolling out biometric ID for employee security. A fingerprint scan will be used in conjunction with another security measure, such as a passcode or a keychain-sized dongle.
The innovation is part of the bank's enterprise-wide security overhaul that includes revamping the communications network to include safeguarding more than just the network's perimeter. The bank has installed a system from Enterasys Networks, with the help of VeriSource, its technology partner.
The system, called the Enterasys Secure Network, includes switches and security routers, as well as a central management console. The bank can manage its entire network from a single location, monitor usage and detect abnormal behavior. The system covers about 250 workstations, 12 locations and more than 250 users in Arkansas and Utah.
The switches, which help dictate system accessibility, were installed about six months ago and give employees a well-defined set of behaviors based on job need. "We call it 'least privilege'," says Cris Carter, the bank's svp of electronic data processing. "They only have access to certain programs and, within those programs, to only those aspects that they need to do their job. And that access is reviewed each year and locked down."
Part of the strategy is to combat the threat of internal sabotage, a problem that's growing even faster than external attacks. "By locking down the security on the internal network, it would reduce the possibility of someone physically getting onto one of the computers that they shouldn't have access to," says Don Goff, COO for VeriSource.
The bank had been using internal detection, but wanted to beef it up to meet an increasing internal threat. For example, the Enterasys system is capable of intelligent behavior, learning and responding to problems on the fly. "It's getting better and better as it learns the intricacies of our system," says Carter.
That the functions are distributed across the network means it can pick up complex and hard-to-detect threats, says Enterasys CTO John Roese. And by distributing security functionality, threats can be detected quicker. "There's a linkage between the ability to detect incredibly complex security events and respond where the event is actually occurring, rather than at an aggregation point," he says. The system can also respond automatically according to pre-set security rules and policies. That allows the technology to respond immediately by, say, quarantining a site of a suspected virus outbreak, before it spreads.
These benefits are enhanced by a simple and intuitive interface, adds Nat Bothwell, ANB's evp for marketing. "A single platform means that you can manage it efficiently with a limited number of staff," he says.
The security upgrade is the latest project between ANB and VeriSource, which have a relationship that dates to 1996. VeriSource was once a subsidiary of the bank, but was spun off. It handled the construction and maintenance of the bank's Web site and ran a help desk for its desktops.
The bank keeps some technology projects in house, including a data processing department, and a front-end Web site developer. "But for a mid-sized bank, a relationship similar to what ANB has with VeriSource could be a win-win situation," Bothwell says. "It gives us redundancy and a constant flow of expertise that we would not be able to afford, especially in the early days. We've been able to do more with less as a result."