Case Study: Corporate policy and regulatory compliance auditing

Server side monitoring and compliance

Client Description

The Eurobank Group is a financial institution, which operates in 6 European countries. The Eurobank Group has €58.0 billion in assets, with 653 customer service locations across Europe, and 13,162 employees.

Client Background

Eurobank used to adopt server-side monitoring systems to comply with regulations and prevent corporate policy violations. As the company grew, the server infrastructure became increasingly complex. The number of insider threats rapidly increased. It became difficult for Eurobank to audit corporate policies and prevent all possible violations. Furthermore, compliance demands and rules in the banking industry continued to grow due to government policy requirements.

Business Challenge

The bank decided to implement a new security monitoring system allowing them to bring universal coverage to server infrastructures. They can also monitor internal API endpoints and transactions across the entire bank ecosystem. The base requirements for the solution: a) global coverage, b) easy to use, c) cost-effective.

Project Details

  • Client Name: Eurobank Group
  • Location: Athens, Greece
  • Industry: BankingFinancial Institution
  • Partnership Period: February 2016 - August 2016
  • Team Size: 4
  • Team Location: Plovdiv, Bulgaria
  • Services: Dedicated Development TeamMonitoring SolutionDeep AnalyticsArtificial IntelligenceDeep Learning
  • Technologies: Java
  • Project URL: https://www.eurobank.gr/en/group

Evaluation

To assess the ready-built monitoring solution, and, as a consequence, evaluate different choices, we deployed a pilot system whose purpose was to monitor test servers and record all terminal and remote user sessions. All user actions were logged, including privileged account activity.

<strong>Evaluation</strong>
<strong>Solution</strong>

Solution

After a long period of data recording, deep analytics were applied to obtain precise monitoring statistics. The depth of data recorded turned out not to be sufficient to fulfill the compliance targets set by the bank. Thus, a custom solution was needed to be implemented.

Implementation

CodeCoda's team implemented an elegant solution by hooking into all the servers, and having a dedicated set of servers monitors each other. This Java-based solution not only monitors but is also aware of any form of a breach attempt. The unique applied set of signature signing algorithms highlights cases of attempted illegal system entries. All communications are logged and analyzed in real-time, allowing action before any transaction is concluded, or falsified.
Our solution made it virtually impossible for wrongdoers to intrude into the system from the in- or externally.

<strong>Implementation</strong>
<strong>Value Delivered</strong> by CodeCoda

Value Delivered by CodeCoda

With the development of server agents at all the Bank’s locations, the hooking into all communications, the monitoring of teller terminals and remote sessions, and logging all user actions, the Bank could comply with the auditing specifications set out by legislation. To provide more optimal support of the bank’s server architecture, we still develop and implement new features according to their requests. With our solution, the bank has complied with all regulations. There is total control on server infrastructure and attempts to bypass security. A dedicated security team can now comfortably monitor all movements, using Deep Learning to alert for any internal or external breach attempts.