Case Study: Corporate policy and regulatory compliance auditingServer side monitoring and compliance
The Eurobank Group is a financial institution, which operates in 6 European countries. The Eurobank Group has €58.0 billion in assets, with 653 customer service locations across Europe, and 13,162 employees.
Eurobank used to adopt server-side monitoring systems to comply with regulations and prevent corporate policy violations. As the company grew, the server infrastructure became increasingly complex. The number of insider threats rapidly increased. It became difficult for Eurobank to audit corporate policies and prevent all possible violations. Furthermore, compliance demands and rules in the banking industry continued to grow due to government policy requirements.
The bank decided to implement a new security monitoring system allowing them to bring universal coverage to server infrastructures. They can also monitor internal API endpoints and transactions across the entire bank ecosystem. The base requirements for the solution: a) global coverage, b) easy to use, c) cost-effective.
To assess the ready-built monitoring solution, and, as a consequence, evaluate different choices, we deployed a pilot system whose purpose was to monitor test servers and record all terminal and remote user sessions. All user actions were logged, including privileged account activity.
After a long period of data recording, deep analytics were applied to obtain precise monitoring statistics. The depth of data recorded turned out not to be sufficient to fulfill the compliance targets set by the bank. Thus, a custom solution was needed to be implemented.
CodeCoda's team implemented an elegant solution by hooking into all the servers, and having a dedicated set of servers monitors each other. This Java-based solution not only monitors but is also aware of any form of a breach attempt. The unique applied set of signature signing algorithms highlights cases of attempted illegal system entries. All communications are logged and analyzed in real-time, allowing action before any transaction is concluded, or falsified.
Our solution made it virtually impossible for wrongdoers to intrude into the system from the in- or externally.
Value Delivered by CodeCoda
With the development of server agents at all the Bank’s locations, the hooking into all communications, the monitoring of teller terminals and remote sessions, and logging all user actions, the Bank could comply with the auditing specifications set out by legislation. To provide more optimal support of the bank’s server architecture, we still develop and implement new features according to their requests. With our solution, the bank has complied with all regulations. There is total control on server infrastructure and attempts to bypass security. A dedicated security team can now comfortably monitor all movements, using Deep Learning to alert for any internal or external breach attempts.