The fact that Quantum National Bank was able to use a product called Gladiator RTA to locate and avert losses due to outbound connections made by internal malware didn't make the specter of potentially severe losses any less frightening.
Sean Williams, the Suwanee, GA-based bank's IT officer, remembers the first RTA alert as "scary because we knew what could happen." But RTA, which the bank added to its layers of security earlier this year, blocked the malware from making outside connections while Williams and his IT team disconnected the machine from the network and dealt with the malware executable. The product has already spotted three infected devices.
The value of the technology goes beyond the potential price tag of the average data breach ($6.65 million according to a recent study by the Mercator Advisory Group), says Williams. "Knowing there's someone else watching the info gives us peace of mind and helps us make decisions about where to focus our attention."
Gladiator RTA is a managed service that looks for malicious activity by examining a network's successful outbound connections. It mines firewall data for anomalies in inbound or outbound traffic that tries to link to known or suspicious IP addresses and Internet systems. When it finds any suspicious connections, it quickly alerts the bank, pinpointing malware-compromised machines inside the network.
"We look at raw traffic data for patterns and overlay this with ever-growing lists of over 3.5 million malicious hosts and IP addresses," says Matt Riley, CIO for the Gladiator division of ProfitStars, a Jack Henry & Associates, Inc., company based in Dallas. Riley says the product snagged 1,600 total outbound call incidents for its customers in 2009. "The threat landscape has evolved so much that standard security that looks only for signature-based viruses, spyware and malware isn't sufficient anymore," he says.
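The approach described above, overlaying a threat list on the firewall's successful outbound connections to pinpoint the internal host, can be sketched as follows. This is an added example, not Gladiator's code: the key=value log format, the 10.0.0.0/8 internal range, and the threat-list entries (documentation address ranges) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed threat list (documentation ranges, not real indicators).
THREAT_LIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.77/32")]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed firewall log lines in an assumed key=value format.
SAMPLE_LOG = """\
2010-03-02T09:14:01 action=allow src=10.1.4.23 dst=203.0.113.50 dport=443
2010-03-02T09:14:05 action=deny src=10.1.4.23 dst=203.0.113.50 dport=6667
2010-03-02T09:15:10 action=allow src=10.1.7.8 dst=192.0.2.10 dport=80
2010-03-02T09:16:44 action=allow src=10.1.4.23 dst=198.51.100.77 dport=8080
2010-03-02T09:17:02 action=allow src=192.0.2.99 dst=10.1.7.8 dport=25
malformed line without fields
"""

def parse_line(line):
    """Return (timestamp, fields) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"action", "src", "dst"} <= fields.keys():
        return None
    return parts[0], fields

def suspicious_outbound(log_text):
    """Map each internal host to its allowed outbound hits on the threat list."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        try:
            src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        except ValueError:
            continue
        # Keep only connections the firewall let through, leaving the internal network.
        if f["action"] != "allow" or src not in INTERNAL or dst in INTERNAL:
            continue
        if any(dst in net for net in THREAT_LIST):
            hits[str(src)].append((ts, str(dst), f.get("dport")))
    return dict(hits)

if __name__ == "__main__":
    for host, events in suspicious_outbound(SAMPLE_LOG).items():
        print(host, events)
```

Denied attempts are skipped on purpose: the firewall already stopped them, while an allowed connection to a listed address is the signal that an internal machine may be compromised.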
Analysts agree that security threats that derive from inbound and outbound connections are a trouble spot for financial institutions, and there are plenty of security providers that play in the space, including SecureWorks, Inc., Memento, Inc., and Actimize, Inc. Gladiator RTA claims a different approach in that it attempts to identify emerging threats rather than combat existing dangers.
"There has been a rapid evolution in the threat environment. It's an arms race," says Aaron McPherson, a security analyst and practice director with IDC Financial Insights in Framingham, MA. McPherson calls Gladiator RTA's analytic fraud prevention "robust" because it's looking for patterns instead of specific, already-known viruses and malware.
"This is definitely an important threat to mitigate against," says Avivah Litan, a VP and distinguished analyst at Gartner. "In an integrated system with secure Web gateways and e-mail gateways this provides a nice layer and the more layers [of protection] the better."