
Customer Case Study: Armed™ Powered By UDT – Finance


Large, well-distributed Community Bank – Banking/Financial Services Industry.


One of United Data Technologies' (UDT) clients, a well-known Community Bank, experienced what was, and is, a common IT security issue in organizations of many sizes: misconfiguration of internal user accounts resulting in significant susceptibilities. A large percentage of distributed organizations in all industries, including this UDT financial services client, experience user accounts being incorrectly or unwittingly added or deleted, and access permissions being erroneously set up or changed. This is frequently a result of neglect or carelessness rather than intent. However, cybercriminals have often leveraged these inadvertent security vulnerabilities to attack data and systems. Even if these actions are not initially malicious, cybercriminals constantly “hunt” financial institutions and others that hold secure, highly regulated, sensitive customer, financial and other critical data for opportunities to steal that data or hold organizations for ransom.

UDT’s financial services client was confronted with one of these situations of administrative abuse. This client is mid-sized but has a reasonably large administrative and systems staff. It also utilizes contractors to augment its internal team that supports specific line-of-business applications and other technologies. Contractors were and are given access to the client’s applications and accounts in test environments through a governance process, including an internal information technology committee, and according to organizational policy, all in support of compliance with Gramm-Leach-Bliley Act (GLBA) banking regulations. In this specific case, UDT’s banking client, which had at the time a robust Microsoft cyber-defense architecture for its systems and customer data, made a high-level identification of a potential vulnerability through Microsoft Azure Advanced Threat Protection (ATP). Azure ATP initially identified the source of the vulnerability as a misconfigured administrative account for external contractors on the client’s core production IT framework, not on the test environment in which contractors were and are approved through the bank’s governance process. This dangerous susceptibility could easily have resulted in an attack on customer data and technologies if not quickly rectified.

UDT, a Microsoft Gold-competency Partner with significant experience in numerous Microsoft platforms and the ATP solutions, and with deep certification in Microsoft Security, was engaged by the financial services client’s Chief Information Officer and IT team to further investigate the issue. UDT initiated its unique ARMED™ Powered by UDT Governance-as-a-Service (SaaS) solution to interact with, and augment, the banking client’s Microsoft services. ARMED was able to further isolate the issue and provide a very detailed detection, cleansing, and, going forward, hardening of critical systems through a unique combination of professional services and a SaaS “single pane of glass,” which consolidates Microsoft Security and other related protection and remediation services. In this case, UDT’s ARMED solution was applied to Microsoft Azure Advanced Threat Protection (ATP) and Microsoft Office 365 (Microsoft 365) ATP.


United Data Technologies (UDT) is a Microsoft Gold-competency Partner. ARMED™ Powered by UDT is a solution unique to the company, representing UDT’s intellectual property, that is designed specifically to work with Microsoft Security solutions and to add significant additional layers of detection, isolation, remediation and process design to them. ARMED combines unique, patent-pending professional services and technology that supports, enhances and adds to Microsoft Advanced Threat Protection (ATP) for Microsoft Azure (Azure ATP), Microsoft Office 365 (365 ATP), and Microsoft Windows Defender (Windows Defender ATP). UDT can bundle the ARMED Governance-as-a-Service professional services and SaaS platform with the Microsoft tools, or provide it as an addition/supplement to these platforms on the basis of previous subscriptions.


1. UDT’s Community Bank client’s security incident was initially identified as potentially malicious in Microsoft Azure ATP.

2. UDT’s team, in collaboration with the CIO of the institution, identified the situation and determined that admins from an external contractor organization were erroneously provided access to the bank’s core processing system and customer data with privileged security.

3. With the ARMED process and technology, the CIO, the IT team and UDT were able to extend Azure and Microsoft 365 ATP to stop the vulnerability from continuing to occur, to force the erroneous accounts to be deactivated, and to notify the CIO through the single pane of glass of all actions taken and continued remedies.

4. ARMED then extended the Microsoft ATP solutions to validate activity on the core system and consumer banking accounts and to do a “deep dive” on whether any abuse had occurred on the unauthorized accounts.

5. It was formally documented that outside contractors should not have had access to these systems and that the accounts that were created were not approved through the bank’s IT committee and policy. ARMED is both a process and a set of prescriptive and remediation technologies to bolster Microsoft ATP services, including policy development and tuning. Through that end-to-end process, the bank’s CIO and UDT documented expressly that all contractors should only have access to regulated test environments, and they further hardened the security approval process.

6. ARMED also codified key events to monitor (a comprehensive incident response process) for privileged accounts and immediate escalation.

7. All of the processes documented through ARMED and the bank’s CIO and internal team were aligned to specific requirements and governance outlined in GLBA regulations.

8. Had cybercriminals gained access to the bank’s entire production-level / live financial environment, billions of dollars in assets, including customer accounts, could have been compromised.

9. Principally, if publicized, the incident could have created a huge loss of credibility with the bank’s customers, which, while critically important for any organization, is even more essential to banking institutions, and furthermore to community banks. With ARMED, UDT was able to detect, protect and remediate the issues with the bank’s team in a timely-enough fashion to avoid this unfavorable outcome.
