NASDAQ Breach: Lesson for Banks

Experts Say Real-Time Forensics Can Help Detect, Prevent Incidents
Could real-time forensics have helped uncover the NASDAQ breach sooner?

It's unclear how long cyberhackers breached and prowled NASDAQ's network and systems. According to NASDAQ, the investigation continues. In a statement posted to the company's website, NASDAQ says it "was honoring the U.S. Government's request to delay notification, but when a story ran in the media on Saturday, February 5, 2011, regarding a hacking incident at NASDAQ OMX, we immediately decided, in consultation with the authorities, that we must inform our customers."

Industry experts wonder whether the use of real-time forensics might have detected or even prevented this incident. The Wall Street Journal reported that NASDAQ hacks were reported in October and November to the Securities and Exchange Commission. But nothing about when the systems were first accessed or how often they were visited has been released. Director's Desk, a NASDAQ subsidiary that offers Web-based tools to executives and board members, seems to have left the gap hackers exploited.

NASDAQ goes on to say that no evidence suggests customer information or any of NASDAQ's trading platforms were compromised.

Today, most financial-services providers and banking institutions do not uncover points of compromise until days or weeks after a leak or breach occurs, says Peter Schlampp, vice president of product management for network-forensics firm Solera. Real-time network forensics is the only solution, he says, but the technology has been slow to take off. In the NASDAQ case, as well as others, Schlampp says real-time forensics would have prevented the breach and the investigation from dragging out.

Evolution of packet-capture technology, which basically tracks packets of information as they travel over the Internet, is pushing mainstream adoption of real-time forensics.

"Packet capture is now at a place where a bank can easily deploy it, use and make an inexpensive investment in it," Schlampp says.

Role of Forensics

Doug Johnson, vice president of risk management policy at the American Bankers Association, says many banks use forensics during post-breach investigations. "Network forensics after a significant data breach on the part of financial institutions is commonplace," he says, "both to assist in determining the nature of the breach as well as helping build mitigation measures to harden the network against future, similar breaches." He says regulatory agencies also recommend forensics as a part of a bank's continuous risk-review process.

But the real-time piece is lacking, says Josh Corman, research director of security analyst firm The 451 Group. Most banks and credit unions are vulnerable in the same way NASDAQ was. "Most 'security' practices make too many assumptions," Corman says. Agreeing with Schlampp, he says real-time forensics would have provided transparent views of traffic, which would have immediately raised suspicion.

Banking institutions need that information "to support prompt and agile response during attacks," Corman says. "Better visibility. More instrumentation. See more, sooner."


About the Author

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.
