Bank adopts 'security data warehouse' to fight persistent security threats

Zions Bancorporation has set up a massive repository for proactively analyzing a combination of real-time security and business data in order to identify phishing attacks, prevent fraud and ward off stealthy hacker incursions known as advanced persistent threats.

"This system allows you to start leveraging disparate types of events around the organization, such as patterns of behavior in your network," says Preston Wood, chief security officer at Zions, in discussing how the Salt Lake City bank-holding company, which has over $51 billion in assets, has set up its data-mining analytics for security purposes.

The foundational tool for Zions is the Zettaset Security Data Warehouse, based on open-source Hadoop for data-intensive distributed applications. Wood says that for him, the approach is a huge change because it relies on making security decisions based on mining business intelligence and combining it with security-related event data from security devices.

Today, security analysis more typically relies on what's known as security information and event management (SIEM) tools, which can aggregate security and other technical information for a bird's-eye view of network activity or detect possible unauthorized actions. Wood says that's fine in and of itself, but it's now possible to go further through correlation of business activities, based on feeds from other sources too.

"It doesn't replace a traditional SIEM, it augments it," says Wood about how the Security Data Warehouse has been put into use at Zions.

A SIEM may have trouble "dealing with massive amounts of historical data," says Wood, but by using the Hadoop framework with core components that can handle "terabytes, even petabytes of information," it's possible to achieve better analysis by combining business and security data. "A SIEM becomes one main feed into the Security Data Warehouse. Improved historical analysis is also resulting," he adds.

Wood says Zions now has "analysts assigned with our security division making decisions off that data." It's becoming a way to do predictive analytics and spot anomalies. It's also increasingly playing a role in understanding customer transactions and behavior for security purposes.

Wood says he's also convinced the Security Data Warehouse approach is making it more possible to detect phishing attempts by analyzing email and other events, "and that allows you to respond more quickly than in the past."
