Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

11:38 AM
Melanie Rodier
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

To Avoid Data Breaches, Firms Need to Improve Detective Controls

Firms seem to understand the importance of preventative controls, such as having firewalls and access control lists, but they lack a good grasp of detective controls, says Tony Hernandez, managing director at SMART Business Advisory and Consulting.

To boost their chances of preventing costly data breaches , financial firms must improve their detective controls, according to an analyst at SMART Business Advisory and Consulting.

Firms seem to understand the importance of preventative controls, such as having firewalls and access control lists. "But they lack a good grasp of detective controls," says Tony Hernandez, managing director at SMART.

Detective controls include logging, system auditing and intrusion detection, which involves monitoring system files to see whether there is an inordinate number of failed authentication attempts, as well as network traffic, for patterns associated with malicious activity.

Other detective controls include file integrity checking, where specific files are monitored for any changes that have been made to them.

"Firms are struggling with these detective controls, which are being driven by regulatory demands," says Hernandez.

"There's a tremendous amount of volume of data that needs to be captured, and there's a need to see where this sensitive information is, and where it has been accessed. It can't be done manually so there has to be a centralized logging and reporting facility. Getting this implemented can be time consuming but it is very valuable," he explains.

Critically, firms need to proactively monitor and manage their detective controls. "As you reconfigure old systems and bring in new systems, you need to make changes [to your detective controls]. And someone needs to be monitoring them," Hernandez suggests.

"The problem is that these controls are often used reactively, not proactively. So it becomes a forensics tool."Firms seem to understand the importance of preventative controls, such as having firewalls and access control lists, but they lack a good grasp of detective controls, says Tony Hernandez, managing director at SMART Business Advisory and Consulting. Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio

Register for Wall Street & Technology Newsletters
Video
All Videos
Trading Floors
Slideshows
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.
More Trading Floors