Can Your Security Keep Up with You?
The financial services industry is a recognized leader in IT innovation, but many organizations are failing to scale up their security measures to deal with the ever-growing risks involved.
Due to the large amounts of money at stake, hackers are looking to exploit any weaknesses—not only in your IT network and system infrastructure, but also in your core banking systems (CBS), Internet banking applications, ATMs, and point-of-sale (POS) terminals.
With governments turning up the regulatory heat on banks and financial services companies, coupled with the demand for mobile banking applications, it’s time for financial organizations to rethink their cybersecurity and compliance strategy.
Experts in Protecting Financial Systems
For over a decade, Positive Technologies has been conducting security and compliance assessments for dozens of leading banks around the world, giving us unique insights into the practical challenges involved in securing these types of systems.
Our security researchers are continually in the field learning about the latest threats and banking systems in order to keep our customers ahead of emerging dangers.
Figure: Most common e-banking system vulnerabilities (percentage of vulnerable systems)
Our security specialties provide in-depth analysis to financial organizations including penetration testing, development of CBS hardening guides, secure software development lifecycle (SSDL) consulting, and security and compliance assessments of ATMs, POS terminals, banking applications, and even SAP.
Our comprehensive approach to security for banks and other financial institutions includes:
- Penetration testing:
  - Identifying existing vulnerabilities, showing ways to exploit them, and measuring your staff’s level of security awareness to demonstrate how hackers could circumvent your existing security mechanisms or persuade users to sidestep security policies
- Online banking security assessments:
  - Gray-box web application security testing for online banking system analysis from the perspective of an intruder with no access to the application (no user-level access)
  - White-box web application security testing including analysis of web application source code and architectures
- ATM security assessments:
  - Preliminary ATM audit to obtain general information on the system, analyze the main system components, identify hardware and software versions, test network communications and protocols, and scan for vulnerabilities
  - Security assessment of ATM hardware and software components includes finding known and zero-day vulnerabilities and developing exploit tools to verify vulnerabilities and demonstrate possible attacks
- SSDL consulting:
  - Our Secure Software Development Lifecycle (SSDL) consulting service helps organizations introduce the procedures necessary for secure application development, including infosec training, security policy and risk assessment development, how to write secure code, code review and audit methods, deployment, and incident response
System-Wide Security with MaxPatrol
Cybercriminals will use any crack they can find to crawl in and attack your organization. So you need to be able to see into all your systems—not only a few. MaxPatrol is a single solution that provides black-box and white-box identification of vulnerabilities and configuration defects within all your applications, databases, network, and operating systems, including your CBS, online banking portals, and ATMs.
The technical checks built into MaxPatrol rapidly gauge your level of compliance with standards including PCI DSS, ISO (27001:2005, 27002, 27011:2008), and SOX. You can also easily add your own custom checks for compliance with internal corporate standards or those mandated where you do business.
Let MaxPatrol automate your quarterly PCI DSS assessments of all perimeter systems and applications involved in payment card transactions, so you can fix vulnerabilities and generate Approved Scanning Vendor (ASV)–compliant reports.
Application Security: Banking’s New Frontline
The Verizon 2014 Data Breach Investigations Report (DBIR) identified web application attacks as the number-one threat to the financial sector. Not a surprise really, given the rapid development cycles and large number of applications used by most banks. What should you do when your developers lack the advanced knowledge required to defend your applications from vulnerabilities and exploits?
PT Application Firewall and PT Application Inspector deliver a comprehensive, modern answer to today’s application security challenges. With features not found in other solutions, Positive Technologies products make it possible for financial institutions to protect both their internal- and external-facing applications from attacks, stop fraud and leaks of sensitive data, and prevent the collapse of networks and services.
The risks are high. You need a partner who knows banking and financial services data security. You need Positive Technologies.