Financial Industry Solutions

Financial institutions manage and mitigate risk more effectively with Bit9.

Bit9’s advanced threat protection solutions for endpoints and servers help financial organizations close the security gap exploited by targeted attacks and unknown malware that antivirus solutions cannot stop.

Providing visibility into endpoints and servers and preventing all unauthorized software from running, the Bit9 Security Platform helps investment firms, banks and insurance providers protect customer data and transactions, comply with regulations and avoid costly service disruptions.

How Bit9 Can Help the Financial Industry Achieve Endpoint & Server Security

Bit9 is the only solution that continuously monitors and records all activity on endpoints and servers and stops cyber threats that evade traditional defenses. With Bit9, financial institutions define the software that is trusted to run in their organization, and everything else is denied by default. That stops all forms of malware – including targeted, customized attacks that are unique to your organization. With Bit9, you can:

  • Prevent targeted attacks and malicious software that easily evade traditional security solutions
  • Apply portable storage device controls to enforce read, write and execute policies for both data and software on USB drives and other removable media, blocking ALL unauthorized devices
  • Improve IT system performance by standardizing endpoint configurations
  • Audit and report on all software changes to demonstrate compliance
  • Reduce TCO by lowering the number of support helpdesk calls

Helping Achieve Compliance

By eliminating vulnerable and malicious applications and delivering configuration, change and process controls, Bit9 helps financial services companies achieve compliance with federal regulations, including:

  • Sarbanes-Oxley Act (SOX): manage and audit change and demonstrate controls
  • Gramm-Leach-Bliley Act (GLBA): block vulnerable applications
  • Basel II, ISO 27002: align with process control frameworks
  • FRC/CSOX: control and audit areas that contain critical or sensitive financial data
  • SSAE16/SAS70/ISAE3402: control and audit areas that contain critical or sensitive financial data

2002 Sarbanes-Oxley Act (SOX)

The 2002 Sarbanes-Oxley Act (SOX) requires public companies to adhere to a set of standards for financial reporting and corporate disclosure. SOX compliance has placed an enormous burden on companies. Not only does SOX call for the establishment of IT controls over financial systems, but it also requires companies to consistently evaluate these controls for efficacy. Without an automated solution to control and audit change on financial systems, achieving SOX compliance becomes a time-consuming exercise that pulls valuable IT staff away from critical operational responsibilities.

Simplify SOX Compliance

Even if the reality of SOX feels complicated, the spirit behind it is simple: to secure sensitive data, organizations need to understand exactly what is happening with their financial systems at all times. This cannot be done with a point-in-time snapshot; it requires a systemic approach that allows organizations to achieve compliance without so tightly controlling their financial systems that they are rendered useless.

The Bit9 Security Platform simplifies SOX compliance with:

Visibility:

  • Live Inventory: real-time view of all applications on all systems at all times
  • Baseline Drift: establish baselines to define approved configurations
  • Compliance at a Glance: visually isolate, from as many as 250,000 systems, those out of compliance
  • Audit Trail: track software changes regardless of source or content

Control:

  • Application Whitelisting: ensure only trusted and approved software is allowed to run
  • Real-time Alerts: instantly know when a system drifts away from your baselines
  • Change-aware Baselines: automatically add approved software to baselines
  • Device Control: block unauthorized use of personal storage devices on a per-user or per-device basis

GLBA – Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of customer information. As part of its implementation of GLBA, the Federal Trade Commission (FTC) issued the Safeguards Rule, which requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure.

The Bit9 Security Platform enhances GLBA compliance with its visibility capabilities. The ability to audit directories containing financial data, and to control and build trust around the software used to work with that data, is key to maintaining and assessing compliance. Bit9 also helps ensure that the security policy is complied with and audited out to the end users.

The platform also provides the only endpoint sensor that continuously monitors and records all activity on an endpoint, server or fixed-function device.

Companies are also required to perform security risk assessments, develop and implement security solutions that effectively detect, prevent, and allow timely incident response, and perform auditing and monitoring of their security environment.

The Bit9 advanced threat protection solutions for endpoints and servers provide real-time file tracking. This gives you a live inventory of all executable files that currently reside on your systems, as well as any executable that has ever been on a computer regardless of its current status, so you can identify high-risk files quickly and accurately.

Bit9 provides controls that minimize the risk of malicious, illegal and unauthorized software, which can create vulnerabilities and enable targeted attacks, by preventing the installation or execution of unauthorized applications and the use of unauthorized portable storage devices.

BASEL II

BASEL II consists of recommendations by bank supervisors and central bankers to improve the consistency of capital regulations internationally, make regulatory capital more risk sensitive, and promote enhanced risk-management practices among international banking organizations.

The key functional area in which Bit9 enhances BASEL II compliance is visibility. The ability to audit directories containing financial data, and to control and build trust around the software used to work with that data, is key to maintaining and assessing compliance.

FRC (UK) & Bill 198 / CSOX (Canada)

The Financial Reporting Council (FRC) empowers regulatory and audit agencies in the UK to monitor and take action to promote the quality of corporate reporting and auditing as well as enforce the controls that are associated with the security of financial information.

Bill 198 / CSOX empowers the Ontario Securities Commission to develop guidelines to protect investors in public Canadian companies by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.  The law was tabled after SOX in the United States and makes it mandatory to have full audit capability on financial information.

The Bit9 Security Platform enhances the ability to control and audit areas within the enterprise that contain critical or sensitive financial data. It can audit and report on all software that is responsible for accessing such data, while providing complete coverage of any software changes that could lead to undesired access to the data. Bit9 can also assist with enforcing, controlling, and auditing the financial security compliance policy throughout the organization in order to prove awareness and consumption of the general end-user policy.

Statement of Standards for Attestation Engagements (SSAE) Compliance Standard 16

The American Institute of Certified Public Accountants developed the Statement on Auditing Standards SSAE 16 (formerly SAS70). Organizations that successfully complete an SSAE 16 audit have been through an in-depth audit of their control activities, including controls over IT and related processes. The standard allows a company to provide a third-party certification of its internal controls to customers.

The Bit9 Security Platform enhances the ability to control and audit areas within the enterprise that contain critical or sensitive financial data. It can audit and report on all software that is responsible for accessing such data, while providing complete coverage of any software changes that could lead to undesired access to the data. Bit9 can also assist with enforcing, controlling, and auditing the financial security compliance policy throughout the organization in order to prove awareness and consumption of the general end-user policy.
