Anadolubank Nederland N.V. aims for optimal data security and
Transcription
Anadolubank Nederland N.V. aims for optimal data security and
Anadolubank Nederland N.V. aims for optimal data security and compliance The company and its products Anadolubank Nederland N.V. (founded in 2007) focuses on business to business, in particular the financing of business transactions. It also provides savings products for individuals. It is the Dutch branch of the Turkish Anadolubank, which has an extensive network in Turkey with 115 offices and over 2200 employees. In its home market, Anadolubank offers a wide and comprehensive range of financial services and products to both business and private customers. Anadolubank Nederland – in possession of a banking license issued by the Dutch National Bank –manages over 70 million euro in capital. It employs about 50 people in the Dutch branch, located in the capital city, Amsterdam. The situation Just like any other bank in the Netherlands, Anadolubank Nederland has to operate under strict Dutch and European laws concerning customer data and privacy protection. In addition, there are the various compliance rules that apply as well. All these things make it essential that the cyber security of the bank is in optimal condition, says Mustafa Kucukaytekin, Information Security Officer at Anadolubank Nederland N.V. He is responsible for the full aspects of information security in the company. This goes beyond ‘just’ the electronic data. “It is first of all a matter of the right awareness among the employees. It must also be an integral part of the corporate culture: workers should have good security as a number one priority. I’m talking about both IT-related issues such as the use of passwords and PIN numbers on mobile devices and how to handle documents with sensitive information.” The core of the IT-systems and the data of Anadolubank Nederland N.V. are run from the primary data center, housed inside the Dutch headquarters itself. A secondary data center is located elsewhere in Netherlands and serves as disaster recovery facility. www.redsocks.eu IT has – as with any other financial services company today – a prominent role in the daily business of Anadolubank Nederland N.V. The cyber security has a corresponding important role, says Kucukaytekin. “A significant threat consists of malware: software that nestles, often unnoticed, into the systems of organisations and that convey sensitive information to cyber criminals. It is the nightmare of every IT department and of every Information Security Officer. We were looking for a solution that went beyond what the traditional cyber security vendors had to offer. So we wanted a system that would be able to also detect possibly deviant data- and IP- traffic submitted by workplaces and that would register the precise origin of these data leaks. And of course, this had to be done all in real time.” The solution Eventually, Anadolubank Nederland N.V. acquired RedSocks vMTD a ‘ virtual version ‘ of the Malicious Threat Detector RedSocks (MTD). It is a product that analyses IPFIX-data (information on network traffic generated by various network devices, such as routers). RedSocks vMTD also checks in real time for the presence of suspicious behaviour caused by malware. The RedSocks vMTD works in VMware-compatible environments and can be scaled up, depending on the need. “We decided to implement the RedSocks vMTD-version as our corporate IT strategy has a strong focus on virtual solutions that run from behind the firewall”, says Kucukaytekin. The implementation Before the actual implementation of the Dutch RedSocks vMTD in the primary data centers of Anadolubank Nederland N.V., there was a so-called ‘Proof of Concept’ installation. Information Security Officer Kucukaytekin: “We implemented PoC at the end of 2015. Through the experiences we had gained during the Proof of Concept programme, and the ease of use of the RedSocks vMTD, we were able to do the live implementation within the relatively short period of two months.” Benefits The virtual RedSocks Malicious Threat Detector is an important part of the range of cyber security measures that Anadolubank Nederland N.V. has taken to protect its customer data and enterprise applications. The vMTD offers the bank the necessary solution for a real time detection of malware threats. It also automatically assures that adequate action is taken against the malicious software. “For us, it is also essential that we can see exactly where, when and how the malware has invaded”, said Mustafa Kucukaytekin. “Should such an incident occur, then we can supply the supervising authorities with the required documentation and reporting. That is actually a demand that the Dutch legislator in the beginning of 2016 implemented in the new law on data leaks. “ The future The virtual RedSocks Malicious Threat Detector is fully operational now in Anadolubank Nederland N.V. As far as Information Security Officer Mustafa Kucukaytekin is concerned, the vMTD will ‘travel’ beyond the Dutch borders: “We have informed our parent company in Turkey of our positive experiences with the RedSocks vMTD. Given that strict data protection legislation is expected to be implemented in Turkish market, we can imagine that the vMTD would be a solution that would also be of interest for our Turkish parent company.” Kucukaytekin has a modest wish list for RedSocks when it comes to additional functionality for the next version of the MTD-solution: “Actually, We can think of only one thing: it would be good if the vMTD would have an even greater integration with well-known brand firewalls. And as far as we are concerned, the RedSocks vMTD should also be installed in the broadband and mobile telecom operator’s backbone that would be a positive development both for me as a consumer and a big step for cyber security”. www.redsocks.eu