by CIO Staff

ME Bank ups the security ante

Dec 01, 20112 mins

In a bid to increase the security of its customers’ internet banking facilities, ME Bank, a bank for industry super funds and union members, has replaced its previous technology provider with Sourcefire’s next-generation intrusion prevention solution, Sourcefire 3D.

According to ME Bank information security manager, Lachlan McGill, the new technology secures its entire Web-facing applications. Earthwave, a managed security service provider, manages the system for ME Bank, providing round-the-clock detection monitoring and rule activation, ensuring that immediate action is taken to block any malicious activity.

“With up to 130,000 customers accessing our internet facilities at any given time, the solution provides an automatic and integrated process of discovering risks, policy non-compliance, potential vulnerabilities and threats — determining their impact on the business and taking the appropriate action to defend the network,” McGill said.

Today’s networks are highly dynamic and the number and types of applications and systems continue to grow. However, despite the fact networks are increasingly dynamic, many security systems remain dangerously static and do not understand the context of the networks they protect — leaving administrators to sort through a growing number of alerts and alarms to determine which are relevant, let alone a real risk.

“Outsourcing the management of its external intrusion prevention system to Earthwave provides ME Bank’s IT department with the peace of mind that all its web-facing applications are being watched 24×7,” said Sourcefire ANZ regional director, Chris Wood. “It also provides the team with greater capacity to monitor its own internal network and other business-critical projects.”

ME Bank also installed Sourcefire’s real-time network awareness technologies to passively monitor its local area networks and deliver real-time comprehensive network intelligence, including network visibility, network behaviour analysis and IT policy compliance.

“As with all Australian banks, we have to adhere to mounting compliance and security obligations,” McGill said. “Because the new system is highly configurable, our internal IT department was able to set very precise alerts and rules, allowing the bank to meet all necessary industry requirements while also providing user-friendly access to the highly detailed reports we are required to submit when audited. We can quickly and easily produce a wide number of reports, varying from operational risk reports for the executive team to technical reports that adhere to regulatory standards.”