By Bruce McClure
In today’s evolving threat landscape, banks face considerable pressure to improve security and meet compliance obligations while also controlling costs. This is certainly the case at Planters Bank, an FDIC-insured community bank with 13 locations across Kentucky and Tennessee. With assets totaling more than $1 billion, Planters Bank offers a wide range of consumer and business banking services, and to deliver innovative yet secure financial services the organization must continually adopt a forward-thinking mindset.
Planters Bank’s information technology team manages, secures and monitors a diverse infrastructure that includes workstations, servers, firewalls, ATMs and a network composed of switches, routers and Wi-Fi access points. The bank uses a layered defense strategy to protect bank and customer information, placing overlapping controls around its systems and monitoring them for threats and anomalous activity. In addition, Planters works diligently to satisfy the regulatory compliance requirements found in the Federal Financial Institutions Examination Council (FFIEC) guidelines, as the FDIC insures the bank and oversees its compliance.
Leverage Cybersecurity Best Practices with a Security Operations Center
A key factor in maintaining good cyber hygiene was the decision to monitor our infrastructure holistically. We sought to establish a security operations center (SOC) that aggregated telemetry from our various systems and allowed analysts to review the data, find anomalies and indicators of compromise, and identify potential threats. A SOC has also become a linchpin for meeting FDIC obligations concerning log monitoring and analysis. Unfortunately, establishing a SOC is anything but easy. It requires costly infrastructure such as security information and event management (SIEM) software and threat intelligence feeds, plus enough security analyst headcount to provide 24×7 monitoring, none of which we had in-house.
Determine the Right SOC Model
There are multiple ways to gain the capabilities of a SOC, including affordable approaches. At Planters Bank, we evaluated three options: (1) creating an in-house SOC, (2) using a managed security service provider, or (3) using a managed detection and response (MDR) service.
After extensive research, our team decided that an in-house SOC would be cost prohibitive in terms of both required staff and necessary technology. We then evaluated the managed security service provider (MSSP) model but found MSSP offerings lacked the depth of monitoring and threat detection expertise a SOC requires. In our experience, MSSP vendors tend to be generalists that are best suited for project work and tasks like updating firewall rules. While an MSSP could have provided some of what we needed, we foresaw a high probability that our own team would still spend considerable time and resources triaging security alerts.
We searched further for alternatives and discovered SOC-as-a-service offerings, delivered as managed detection and response, that combine the capabilities of a SIEM with intrusion detection, vulnerability scanning and incident response. This MDR approach provided the force multiplier our IT team needed.
How MDR Augments Your IT Team
Our MDR partner, Arctic Wolf, did not eliminate the need to have skilled IT security staff on hand, but instead let us maximize the capabilities of our IT team. Rather than dedicating staff to concerns such as tuning a SIEM and reviewing event logs all day, we can focus on IT projects that improve the bank’s overall operations and security. Our MDR partner maintains the staff that hunts for threats in our environment and alerts us when something significant occurs. This has truly amped up our cybersecurity and IT game.
Planters Bank previously had limited visibility into our environment but — thanks to our MDR service — we now have a comprehensive view of our infrastructure, a better understanding of our security posture, and dashboards and reports that provide a clear picture of what takes place. Arctic Wolf’s MDR service flags vulnerabilities and areas for improvement along with the steps needed to achieve that progress. The extensive reporting includes custom reports for business or compliance needs, which can be shared with other executives to show the strides we’ve made in terms of our overall security posture and how we continuously work to improve it.
Equally beneficial, the MDR service allows us to “prune our technology stack” and eliminate superfluous tools that no longer add value. Likewise, we’ve turned off some internal monitoring infrastructure that failed to benefit our team. Now, our MDR solution lets us quickly retrieve historical data, so we no longer waste time digging through logs. We simply make requests to our MDR partner, and they deliver the data we need.
MDR Services Free IT to Facilitate Growth
As an IT leader, one of my challenges is figuring out which investments will provide optimal return. This involves considering projects to deploy new financial services technologies, as well as projects to determine how best to manage cybersecurity risk and meet compliance obligations. MDR allows me to not only improve security and compliance but also strategically redeploy headcount to the projects that improve the bank’s top and bottom line. Adopting some of these best practices has helped Planters Bank continue on our growth path without over-investing in security headcount.
An optimal SOC-as-a-service should meet today’s needs and scale as your financial institution evolves. It must accommodate your existing on-premises environment and also monitor your cloud environment as it grows. While I encourage organizations to explore any and all offerings, scrutinize your traditional MSSP security vendors carefully, as they may not be the best option to monitor new cloud applications that require in-depth threat expertise.
Bruce McClure is vice president, manager of information systems, Planters Bank. He has extensive experience in information technology and security in major organizations and has served as a leader and member of top performing technical teams committed to systems improvement, security and growth for the past 17 years. During his time at Planters, McClure has introduced information asset management, risk management, audit and compliance policies, security awareness training, and formal incident investigation procedures, as well as spearheaded a number of other initiatives to ensure the bank’s ability to remain secure in any situation.