Can a computer network come to its own defense?
Cisco Systems believes it can, and is offering a "Self-Defending Network" solution the company says can respond to viruses and worms before receiving instructions from the credit union's IT staff.
In an interview with The Credit Union Journal, Cisco executives said several credit unions have already put the integrated network solution in place, including Arizona State Savings Credit Union and Mountain America Credit Union. But other credit unions remain unaware of what it is the Self-Defending Network can do, they said.
"What we're trying to do is educate credit unions on how it is the Self-Defending network can help with risk assessment and compliance, such as with Gramm-Leach-Bliley (Act)," said Rune Olsund, Customer Solutions Manager with Cisco. "I think what they don't realize is that security is much more than a well-managed firewall; it's having layers in place. It's never going to be 100%, but you want to have as much security as you can."
According to Olsund, the Self Defending Network is an intrusion detection system that has "security agents" at all of a credit union's endpoints, such as the ATMs. The company says a credit union can use its existing investments in routing, switching, wireless, and security platforms to deploy the Self-Defending Network to help identify, prevent, and adapt to both known and unknown security threats.
He said that through the use of what is essentially a network "mission control," the system constantly seeks out anything that might be considered an intruder, including, for instance, an employee attaching a laptop to the network.
In a demonstration of the technology for The Credit Union Journal, Cisco representatives said that many credit unions lag in security because all of the third parties with which they deal tell them their particular boxes are secure.
"Bur there must be a human policy in place," stressed Olsund. "One misconception is that if I buy this box, I'm secure. We try to quarantine a machine. We're also proactive in trying to track and prevent (intrusions). I think we're getting much better, but where a person does something malicious, that's much harder to prevent."
Olsund said that one risk the company sees in higher profile at credit unions than larger providers is that one person is performing multiple jobs within the IT structure, and that there is seldom a dedicated security expert. At many credit unions, those responsibilities are part of the "hodge-podge" of general responsibilities in the department, they said.
"Our point is there must be integrated security in order to protect your credit union's most important asset, and that is member trust," said Olsund. "Credit unions have been early-adapters of (voice over Internet protocol) and IP telephony. As credit unions deploy more applications on the network they need to be comfortable that it will be secure when it's up and running. Credit unions also have less scale issues than other institutions; it's easier to deploy across 10 branches than 100."
