Anadolubank Nederland N.V. aims for optimal data security and

Anadolubank Nederland N.V. aims for optimal data
security and compliance
The company and its products
Anadolubank Nederland N.V. (founded in 2007) focuses on business to business, in particular the financing of business transactions. It also provides savings products for individuals. It is the Dutch branch of the Turkish Anadolubank,
which has an extensive network in Turkey with 115 offices and over 2200 employees. In its home market, Anadolubank offers a wide and comprehensive range of financial services and products to both business and private customers. Anadolubank Nederland – in possession of a banking license issued by the Dutch National Bank –manages
over 70 million euro in capital. It employs about 50 people in the Dutch branch, located in the capital city, Amsterdam.
The situation
Just like any other bank in the Netherlands, Anadolubank Nederland has to operate under strict Dutch and European
laws concerning customer data and privacy protection. In addition, there are the various compliance rules that apply
as well. All these things make it essential that the cyber security of the bank is in optimal condition, says Mustafa
Kucukaytekin, Information Security Officer at Anadolubank Nederland N.V.
He is responsible for the full aspects of information security in the company. This goes beyond ‘just’ the electronic
data. “It is first of all a matter of the right awareness among the employees. It must also be an integral part of the
corporate culture: workers should have good security as a number one priority. I’m talking about both IT-related
issues such as the use of passwords and PIN numbers on mobile devices and how to handle documents with sensitive
information.” The core of the IT-systems and the data of Anadolubank Nederland N.V. are run from the primary data
center, housed inside the Dutch headquarters itself. A secondary data center is located elsewhere in Netherlands and
serves as disaster recovery facility.
www.redsocks.eu
IT has – as with any other financial services company today – a prominent role in the daily business of Anadolubank
Nederland N.V. The cyber security has a corresponding important role, says Kucukaytekin. “A significant threat consists of malware: software that nestles, often unnoticed, into the systems of organisations and that convey sensitive
information to cyber criminals. It is the nightmare of every IT department and of every Information Security Officer.
We were looking for a solution that went beyond what the traditional cyber security vendors had to offer. So we
wanted a system that would be able to also detect possibly deviant data- and IP- traffic submitted by workplaces and
that would register the precise origin of these data leaks. And of course, this had to be done all in real time.”
The solution
Eventually, Anadolubank Nederland N.V. acquired RedSocks vMTD a ‘ virtual version ‘ of the Malicious Threat Detector RedSocks (MTD). It is a product that analyses IPFIX-data (information on network traffic generated by various
network devices, such as routers). RedSocks vMTD also checks
in real time for the presence of suspicious behaviour caused
by malware. The RedSocks vMTD works in VMware-compatible
environments and can be scaled up, depending on the need.
“We decided to implement the RedSocks vMTD-version as our
corporate IT strategy has a strong focus on virtual solutions that
run from behind the firewall”, says Kucukaytekin.
The implementation
Before the actual implementation of the Dutch RedSocks vMTD
in the primary data centers of Anadolubank Nederland N.V.,
there was a so-called ‘Proof of Concept’ installation. Information Security Officer Kucukaytekin: “We implemented PoC at the
end of 2015. Through the experiences we had gained during the
Proof of Concept programme, and the ease of use of the RedSocks vMTD, we were able to do the live implementation within
the relatively short period of two months.”
Benefits
The virtual RedSocks Malicious Threat Detector is an important part of the range of cyber security measures that
Anadolubank Nederland N.V. has taken to protect its customer data and enterprise applications. The vMTD offers the
bank the necessary solution for a real time detection of malware threats. It also automatically assures that adequate
action is taken against the malicious software. “For us, it is also essential that we can see exactly where, when and
how the malware has invaded”, said Mustafa Kucukaytekin. “Should such an incident occur, then we can supply the
supervising authorities with the required documentation and reporting. That is actually a demand that the Dutch
legislator in the beginning of 2016 implemented in the new law on data leaks. “
The future
The virtual RedSocks Malicious Threat Detector is fully operational now in Anadolubank Nederland N.V. As far as Information Security Officer Mustafa Kucukaytekin is concerned, the vMTD will ‘travel’ beyond the Dutch borders: “We
have informed our parent company in Turkey of our positive experiences with the RedSocks vMTD. Given that strict
data protection legislation is expected to be implemented in Turkish market, we can imagine that the vMTD would be
a solution that would also be of interest for our Turkish parent company.”
Kucukaytekin has a modest wish list for RedSocks when it comes to additional functionality for the next version of the
MTD-solution: “Actually, We can think of only one thing: it would be good if the vMTD would have an even greater
integration with well-known brand firewalls. And as far as we are concerned, the RedSocks vMTD should also be installed in the broadband and mobile telecom operator’s backbone that would be a positive development both for me
as a consumer and a big step for cyber security”.
www.redsocks.eu