Faced with increased pressure from auditors for better logging and reporting, Stillwater National Bank and Trust Company (SNB) looked for a system that would meet its compliance needs and also provide a better view of its network activity.
SNB, a subsidiary of Southwest Bancorp Inc. headquartered in Stillwater, Okla., with 28 locations in three states, reviewed five security information management (SIM) system vendors. In addition to meeting auditing requirements for log management, the bank wanted a SIM that provided strong reporting capabilities and 24x7 alerting, said Laura Briscoe, vice president of information security at SNB.
The bank ultimately deployed a security information management system from TriGeo Network Security Inc. Within a month, SNB had about 650 sources feeding information into the SIM, including workstations, routers, servers and firewalls. "It gives us more insight into how the network is used," Briscoe said. "And it gives us the reporting we need for the auditors."
SIMs can serve multiple purposes in the financial industry, from meeting regulatory and corporate compliance requirements to security trend analysis, said Randall Gamby, a security architect at a large insurance firm. For example, with the proper policies in place, a SIM can help alert an organization to data leaving the corporate domain and enforce policies such as encryption of personally identifiable information sent outside the organization, he said.
A SIM also helps with "risk dashboarding" by providing a view into how well the company is doing with regard to meeting compliance requirements, Gamby said. "You can also test whether the remediation steps you're taking are effective," he added.
One area where SIM technology needs to improve, however, is in the integration of identity information, Gamby said: "SIMs are about events and systems. SIMs by default don't include the people information, so you're only half way there."
In addition, SIMs may not always be pervasive across a large, distributed enterprise, which means they might not provide a complete view into an environment, he added.
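As an added illustration of Gamby's point (example code written for this page, not SNB's or TriGeo's), the script below takes a handful of constructed SIM-style events keyed by host and account name and joins them against a hypothetical HR/directory feed. On their own the events say which account did what; only after the identity join can the tool say which person it was and whether that person should still have been able to act.

```python
"""Enriching SIM events with identity ("people") context.

Added example, not part of the original article and not code from SNB or
TriGeo. The event lines and the directory entries are constructed sample
data; the field layout is a hypothetical key=value syslog style.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed SIM-style events: timestamp, source host, account, action, and
# one optional extra field. This is all a SIM usually has: systems and events.
SAMPLE_EVENTS = [
    "2008-05-12T08:02:11 host=teller-ws07 user=jdoe action=logon result=success",
    "2008-05-12T08:15:40 host=corebank-db user=svc_backup action=logon result=success",
    "2008-05-12T09:30:02 host=teller-ws12 user=mrivera action=logon result=success",
    "2008-05-12T11:47:55 host=fileserver1 user=tjones action=copy target=\\\\fileserver1\\loans\\q1.xlsx",
    "2008-05-12T23:05:19 host=vpn-gw user=ghost action=logon result=success",
]


@dataclass
class Person:
    """One record from a hypothetical HR / directory feed."""
    name: str
    department: str
    status: str  # "active" or "terminated"
    manager: Optional[str] = None


# Constructed identity feed: account name -> person. In a real deployment this
# would come from the directory or HR system, which is the integration the
# article says SIMs lack by default.
IDENTITY_DIRECTORY: Dict[str, Person] = {
    "jdoe": Person("Jane Doe", "Retail Banking", "active", "mrivera"),
    "mrivera": Person("Marco Rivera", "Retail Banking", "active"),
    "tjones": Person("Terry Jones", "Loan Operations", "terminated"),
    "svc_backup": Person("Backup service account", "IT", "active"),
}

EVENT_RE = re.compile(
    r"(\S+)\s+host=(\S+)\s+user=(\S+)\s+action=(\S+)(?:\s+([^=\s]+)=(.*))?$"
)


def parse_event(line: str) -> Dict[str, Optional[str]]:
    """Parse one key=value event line into a dict; raises on malformed input."""
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    ts, host, user, action, extra_key, extra_val = m.groups()
    event: Dict[str, Optional[str]] = {
        "time": ts, "host": host, "user": user, "action": action,
    }
    if extra_key:
        event[extra_key] = extra_val
    return event


def enrich(event: Dict[str, Optional[str]]) -> Dict[str, Optional[str]]:
    """Join an event with the identity feed and attach a finding, if any.

    Two findings are produced that a system-only SIM view cannot make:
    an account that maps to no known person, and activity by an account whose
    owner is no longer active.
    """
    enriched = dict(event)
    person = IDENTITY_DIRECTORY.get(event["user"] or "")
    if person is None:
        enriched["person"] = None
        enriched["finding"] = "account not in directory"
        return enriched
    enriched["person"] = person.name
    enriched["department"] = person.department
    enriched["finding"] = (
        None if person.status == "active" else f"activity by {person.status} user"
    )
    return enriched


def findings(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (time, account, finding) for every event that raises a finding."""
    out = []
    for line in lines:
        e = enrich(parse_event(line))
        if e["finding"]:
            out.append((e["time"], e["user"], e["finding"]))
    return out


if __name__ == "__main__":
    for time, user, finding in findings(SAMPLE_EVENTS):
        print(f"{time} {user}: {finding}")
```

Run as-is it reports the file copy by the terminated loan-operations user and the late-night VPN logon by an account the directory has never heard of; the same five lines, without the identity join, are five ordinary successful events.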
The SIM market has seen a lot of consolidation, but it's still awash with vendors, including ArcSight Inc., Intellitactics Inc., EMC's RSA Security division and Q1 Labs Inc.
John Kindervag, a senior analyst at Cambridge, Mass.-based Forrester Research Inc., said SIM technology has morphed from its original purpose of security threat response into primarily a compliance tool. The PCI Data Security Standard is the main driver in the SIM space, he said.
"You can use the tool to show the status of the effectiveness of the technical controls you've put in place," Kindervag said. "It's for validation and reporting purposes more than threat response."
For SNB, the SIM from TriGeo provides audit trails to meet compliance requirements for the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act and other regulations. Briscoe said TriGeo, which targets the midmarket, was the right fit for the regional bank, which has $2.7 billion in assets and about 450 employees. She likes the support the company provides; when she needs to build a customized report, TriGeo has been responsive in helping her.
SNB also uses TriGeo's USB-Defender product to prevent use of non-corporate-issued USB devices in the enterprise. "The only USB drives you can use here are the ones that we purchase," Briscoe said. "It's encrypted on the fly. Use it while you're here and anything else you can't plug into my network."