Letter from the President

Posted on March 4th, 2010
In 1974, the year before I graduated from my alma mater, Georgia Southern University, I was sitting in my Economics class and was suddenly startled to hear my professor declare that “Recessions are good.” He went on to explain by saying that when the economy is growing, the focus of business management is generally toward revenue and profit growth. However, during times of economic difficulties, the focus tends to turn toward examining existing business processes on a much more granular level, because businesses are forced to consider the need to prioritize and maximize efficiencies wherever possible.
 
I am happy to say that 2010 marks my 35th year of having the pleasure of helping financial institutions, like yours, achieve their goals. There have been many ups and downs over the years, but 2009 will remain infamous as the worst period for the financial services sector that I can ever remember. And while the current year will also be a time of difficult maneuvering, my sense is that there is currently a heightened level of awareness, priority setting, and focus on the core beliefs of the financial institutions that will, if nothing else, enhance your ability to execute plans and successfully achieve 12-month goals.
 

Gladiator Technology’s success in our particular segment of this market, information security and regulatory compliance, continues to grow steadily. With the current escalating scope of potential types of fraud and threats, coupled with the various regulatory agencies’ ever-increasing expectations of managing risk effectively, the need for our company’s expertise and services has never been greater. 

Emerging Technology Series ~ Gladiator RTA: A Year in Review and What the Future Holds

Posted on March 4th, 2010
by Ryan Spanier, Senior Information Security Engineer

Gladiator developed its Raw Traffic Analysis (RTA) Service in 2009 to help combat the growing threat that malware poses to our clients. The fact is the detection and prevention of malware infections has become critical to the security of information systems and financial services. Malware is no longer just a nuisance; now it steals passwords and account information, siphons off funds from bank accounts, and takes full control of unsuspecting systems for financial gain. Malware has also evolved to the point that solely protecting systems with Anti-virus (AV) and intrusion prevention products is ineffective. This arena is where Gladiator’s RTA Service excels.

Six Months Later – A Customer Service Check-up

Posted on March 4th, 2010
by DJ Goldsworthy, Information Security Manager
 

Nearly six months ago, Gladiator published an article detailing several key initiatives that we were undertaking to enhance customer service. The crux of the plan was the restructuring of our customer support operations, primarily by adding more engineers to our support staff and streamlining support by implementing a tiered support model and focusing on case escalation. The truth is, we have made a lot of other very positive changes in addition to those mentioned above. I will not bore you with all the details, as it is more likely that you are interested in the results of the changes, such as how they have affected support case response times and have helped ensure that when you contact Support you get to the person with the right experience in order to solve your problem quickly and effectively. Those are a few of the things that we have strived to deliver to our clients.

So, let’s examine how some of our key customer service benchmarks measure up as compared to where we were six months ago:

The Compliance Corner ~ Managing RDC Risk through Exception and Trend Analysis

Posted on March 4th, 2010

by Jackie Marshall, Director of IT Regulatory Compliance

A provision of the January 2009 FFIEC guidance on risk management of Remote Deposit Capture (RDC) includes a focus on implementing high standards for qualifying merchants and due diligence in assessing merchant contract compliance on an annual basis.  These standards also support KYC and BSA/AML objectives.  A strong methodology for merchant qualification is the cornerstone of a financial institution’s (FI’s) successful RDC program.  However, another related provision of the guidance that builds on this foundation is not as well understood – that is the expectation for ongoing analysis of merchant deposit activity.

Gladiator ITRC Live Webcast Series 2010

Posted on March 4th, 2010
The Gladiator IT Regulatory Compliance Department is pleased to announce the schedule for the LIVE WEBCAST SERIES 2010 as follows:
  •  It Takes a Village…Information Security Officer, Customer, and Employee Responsibilities for Protecting Non-Public Information (NPI)  (March 16th and 25th)
  • Proceed with Caution…Social Networking Risk Management Strategies  (June 10th and 15th)
  • They Asked for What?! Understanding Examiners/Auditors Expectations for IT/Information Security management  (August 12th and 17th)
  • Meeting IT Regulatory Compliance Challenges of 2010/2011 (November 10th and 16th)

Please contact us at education@gladtech.net if you have any interest in registering for a webcast or visit us at www.gladiatortechnology.com.

Security Risks in the Age of Social Networking Sites

Posted on March 4th, 2010
by Karen Crumbley, Product Manager
 
 According to research conducted by the Pew Internet and American Life Project for 2009, 46 percent of the adult population uses some type of social networking site. Not surprisingly, there have been significant increases in the use of social networking sites among financial institutions (FIs) for marketing purposes. For example, Bank of America uses its Twitter account to respond to customer issues. If someone is “tweeting” about Bank of America, then the Customer Service department is alerted and can respond immediately. The benefit is in being proactive with customers who are unsatisfied, thus enhancing the customer’s experience. Additionally, social networking placed on FI websites allows the customers to have a convenient, direct communication line to the FI. So, when the bank wants to educate its customers or let them know about great rates or new products, they have a way to notify consumers instantly.
 

Unfortunately, along with the benefits associated with using today’s popular social networking sites also come very real security risks. If your FI is considering using this communication tool for the purpose of its website, then be aware that implementing this technology should be done carefully and include an overall strategic plan.

Items that should be considered when using branded social networking sites include the following: 

Ask Matt Series

Posted on March 4th, 2010
by Matt Riley, CIO of Gladiator Technology
 
 Question: What is the basic outlook for the cyber-security arena in the New Year? Should my financial institution anticipate that many of the threats seen in 2009 will continue to be prevalent in 2010?
 

Answer: To answer your question, let’s begin by examining what happened last year. Overall, 2009 was another active year in the cyber-security arena. Threats continued to evolve faster than Anti-virus (AV) vendors could churn out signatures, rendering traditional AV solutions only 70% effective. Hackers continued to prey on the human element of trust through phishing campaigns.

Company Announcements

Posted on March 4th, 2010

Spotlight ~ Enhancing and Evolving the Gladiator Vault

by Ben Murphy, Senior Manager, Information Security
 
We at Gladiator are currently brainstorming regarding ways to enhance our customer portal, the Client Vault. Our goal is to improve upon the way our clients are able to interact with us in order to better meet their objectives. Clients already send us millions of events from their networks every day, and we would like to put all that data to use in the most effective way possible.
 
 In order to gather your client input, we have set up a suggestion box at ideas@gladtech.net. Please take a moment to let us know what you think. We would be interested in your response to these types of questions as we redesign our customer portal:
 
  •  What sort of tools would you like us to offer?
  • Is there some high-level “dashboard” information you would like immediately accessible? What would that look like?  
  • Would you want to design and publish your own graphs and reports in addition to what we have created?  
  • Would you like more access to ongoing studies in our Security Research department?

You tell us! If you have any ideas regarding services we could offer, or better ways to deliver the results of services we are already providing to you, please let us know at ideas@gladtech.net. Thank you and we look forward to hearing from you.

 

Welcome Aboard to New Employees 

by Cathy O’Hara, Newsletter Editor

Brian Nix is the newest addition to Gladiator’s Security Operations Team, fulfilling the role of an Information Security Engineer focusing upon delivering security monitoring and management services. Brian comes to Gladiator with a strong background in IT support services within the financial services arena, having worked in an IT administrative role at a community bank for over 4 years. During that time, he developed an extensive background with VMware, ATM management, core banking applications, and a wide range of computer and network support functions. Welcome aboard, Brian!

 

 

 

 

 

Upcoming FREE ProfitStars® Webinars

Posted on March 4th, 2010

Gladiator is pleased to offer FREE webinars through ProfitStars throughout the year.  Upcoming events planned for 2010 include:

The New Information Security Officer: Meeting Today’s Challenges  (March 25th at 2 pm CT)

Dealing with Today’s Threats  (March 30th at 1:30 pm CT)

Combating Cash Management Fraud: The New Defense that can Save Your Institution’s Reputation  (March 31st at 2 pm CT)

How You Can Benefit from a Virtualization Solution  (April 15th at 10:30 am CT)

To request more information regarding FREE ProfitStars webinars or to register for an event, please visit www.ProfitStars.com/webinars/calendar/.

See You Soon at the 2010 ProfitStars® Educational Conference

Posted on March 4th, 2010

We hope that you are planning to attend the annual ProfitStars Educational Conference March 9-12th 2010 at the Venetian Hotel in Las Vegas, Nevada.  This year’s theme is “Minimizing Challenges – Maximizing Opportunities” and the conference is packed with hard-hitting knowledge, opportunity, and strategy that you won’t get anywhere else!

Come to this event to:

•  Attend important educational sessions (some of which may help you earn CPE credits)
•  Hear industry experts speak on a variety of relevant and “hot” business topics
•  Attend a Gladiator Forum on Tuesday at 1pm to share ideas, give us feedback, and explore the possibility of forming a Gladiator User Group
•  Attend the ProfitStars Technology Showcase exhibit to check out the most up-to-date product advances
•  Expand your networking base as you exchange ideas and knowledge with peers


Ask Matt Series ~ Fact or Fiction: How Well Do You Know Your Security?

Posted on November 25th, 2009

Question:  There are many so-called “security facts” that I hear about, but how do I know if they are truly facts or simply myths? 

Answer:  Many times it can be difficult, indeed, to distinguish between what are actually true security facts and what is pure fiction.  Let me touch upon a few common statements below to help you decipher the truth.

♦ Using Microsoft Windows Server Update Services (WSUS) is sufficient for a sound enterprise patch management strategy.
X FICTION: Although using WSUS is the preferred patching tool, it still does not address patch updates for third-party applications that reside on every desktop and almost every server system.  Attackers are now targeting the browser, more specifically, the third-party applications that run in the browser, such as Adobe Flash, Apple’s QuickTime, and Windows Media.  WSUS only provides updates for Microsoft products, so you need to find a tool that can assist in managing and updating non-Microsoft applications in your environment.

Emerging Technology Series ~ Windows 7: A Security Perspective

Posted on November 25th, 2009

As many of you know, Microsoft has released its newest workstation operating system: Windows 7.  Along with a new look, this operating system has many new features that could help make your organization more secure, and that could possibly be a reason to upgrade your network.  Here are a few of the main security improvements found in Windows 7:

• AppLocker – AppLocker allows administrators to define policies to allow or forbid users to run applications on their machines.  This feature replaces software restriction policies currently in group policy.  Policies can be defined for directories, program authors (such as Microsoft), program names, etc.  The most secure use of AppLocker can forbid users from running all programs by default.  Then administrators can create a white list of applications that can be run by users, thereby preventing unknown applications from running (such as malware or games, etc.).  AppLocker policies can be applied in an “audit only” fashion initially, so that administrators can determine the exact effect the policies would have if they were enforced.  AppLocker can be configured on an individual Windows 7 workstation through Local Security Policies, or applied using Group Policy in Windows Server 2008 R2.  More resources:

AppLocker executive overview (http://technet.microsoft.com/en-us/library/dd548340%28WS.10%29.aspx)
Configuring AppLocker video (http://technet.microsoft.com/en-us/windows/ee412246.aspx)

Previous Articles

What You may be Missing – Third Party Application Patches

Posted on November 25th, 2009

The Compliance Corner ~ Determining Suitability and Due Diligence Activities for RDC Customers

Posted on November 25th, 2009

Compliance Center Is Here!

Posted on November 25th, 2009

Welcome to The Shield

Thank you for taking the time to visit the Gladiator Technology newsletter. The latest articles are posted to the left, and you may click on "Continue reading" to see a full article. Take some time to look around in "Categories" and "Archives" to check out some of our previous information postings.

We invite you to visit our main web site at www.gladiatortechnology.com