US Banks Get Serious on Security Information Sharing

The US financial services industry is finally getting tough on cybercrime, with the announcement of a new body to be tasked with developing threat intelligence products.

Soltra is the result of a joint venture partnership between the Financial Services Information Sharing and Analysis Center (FS-ISAC) and The Depository Trust & Clearing Corporation (DTCC).

It will focus on developing “software automation and services that collect, distill and speed the transfer of threat intelligence from a myriad of sources to help safeguard against cyber attacks.”

The new body’s first product, Soltra Edge, is already being tested by organizations and will be ready later this year, the firm said.

It’s explained as follows:

“The solution has been designed to scale to support thousands of organizations and distil large amounts of data into actionable intelligence that is easy to understand and use. It leverages open standards including Structured Threat Information eXpression (STIX™) and Trusted Automate eXchange of Indicator Information (TAXII™).”

Soltra CEO, Mark Clancy, argued that currently threat intelligence is provided manually to financial services organizations from disparate sources and as such takes several hours to interpret.

“With Soltra Edge, one organization’s incident becomes everyone’s defense,” he added in a statement.               

“The solution will enable clients to send, receive, and store cyber security threat intelligence in a streamlined and automated format, enabling these firms to deploy safeguards against a potential cyber attack.”

The news comes in the same week that one of the top financial regulators in the US, New York State Department of Financial Services chief, Benjamin Lawsky, expressed his fears that technical vulnerabilities in the system would lead to “an Armageddon-type cyber event.”

In the UK, the British Bankers Association (BBA) seems to be having the same idea when it comes to information sharing.

This week it announced a new initiative, the Financial Crime Alerts Service (FCAS), which will pull real-time data on various threats from government agencies and law enforcers and send it to participating financial institutions.

However, it’s not been met with universal approval. Alan Carter, head of cloud services at security firm SecureData, claimed the project ignores smaller firms.

"Obviously banks and finance are important enough to command the highest levels of protection, but this needs to be the start of something similar systems that's delivered – not just to banks and the large organisations that can afford it - to smaller businesses and industries as well,” he said.

"It shouldn’t be an exclusive club and it ignores the needs of smaller industries as smaller businesses who don't have the skills, education, access to data or financial clout to mimic services like as this, which is all provided by government departments.”

What’s Hot on Infosecurity Magazine?