38 JANUARY / FEBRUARY 2017 In 2000, the notion of having a third party watch a bank’s network was brand new, yet as early as 2004, the Indiana Bankers Association brought the concept to member banks through the endorsement of Infotex as a Preferred Service Provider. Now this concept has become industry norm, and Infotex has led the field in developing intrusion prevention and intrusion detection services. Infotex has been a managed security service provider (MSSP) since 2000, with the primary purpose being to show community banks how to effectively monitor and manage technology risk. Dan Hadaway, Infotex’s managing partner, has been effective in letting banks know this risk can be found in network traffic or in event logs from servers, firewalls and other critical assets. The MSSP services provided by Infotex – that is, being the entity that “watches the watchers” – allow banks to segregate duties between information technology and information security. Infotex teaches banks how to create an incident response process, that assists the bank’s management team in the recognition of an incident and the tracking of it as it proceeds. In addition, Hadaway provides free monthly webinars (my.infotex.com/the-2016-it-governance-tour), keeping banks updated on the latest issues involving information security and information security officers. Because Infotex is also an audit firm, systems are deployed in a compliant manner. Not only does being an auditor make Infotex a better MSSP; being an MSSP (the recipient of its own regular audit reports) makes Infotex a better auditor. Back in 2005, Infotex began offering the ability to consolidate and watch event logs in real time, a service which led to the development of the security information and event management (SIEM) product. This product is customizable to the client’s needs. For community banks, being able to adapt to customers’ needs is a differentiator, and Infotex can provide the same flexibility to banks. This managed service, based in a security operations center, allows Infotex-certified professionals to monitor the bank’s network and critical asset logs in real time, 24x7x365. In addition to monitoring information, an Infotex deployment team will work with the bank’s staff to consolidate all critical logs from the bank’s network and provide training on which logs to watch and when to watch them. Meanwhile the SIEM system filters through the log “noise” to identify the one-in-one-million actionable event that needs attention. The recent cybersecurity assessment tool has many facets, which Infotex has been covering for several years, including all the requirements of Domains 2 and 5, as well as the entire “threat intelligence” process that is required by the assessment tool. Infotex is staffed with CISSPs, CISAs, CRISCs* and consultants with multiple other certifications and has been in the Federal Financial Institutions Examination Council’s technology service provider examination program since 2009. This knowledge and experience has allowed Hadaway and his team at Infotex to stay current on today’s threats and assist in the completion of the many cybersecurity regulations that have been announced over the recent years, including the cybersecurity assessment tool mentioned previously. Hadaway leads several of the educational sessions provided by the IBA, including the facilitation of the IBA Cybersecurity Conference. For more information about Infotex and its services, contact Rod Lasley at the IBA at rlasley@indianabankers.org, or Dan Hadaway at dlh@infotex.com. HB Let an Expert Assist You Customize your cybersecurity needs '-774 GIVXMƤIH MRJSVQEXMSR W]WXIQW WIGYVMX] TVSJIWWMSREP '-7% GIVXMƤIH MRJSVQEXMSR W]WXIQW EYHMXSV '6-7' GIVXMƤIH MR VMWO ERH MRJSVQEXMSR W]WXIQW GSRXVSP Article author Rod Lasley Vice President - Products & Services Indiana Bankers Association rlasley@indianabankers.org Infotex is a Preferred Service Provider of the Indiana Bankers Association and an IBA Diamond Associate Member. PSP SHOWCASE
RkJQdWJsaXNoZXIy MTg3NDExNQ==