NH Investment & Securities Case Study

Jun 13, 2016

BongYeol Yang

The winds of change are blowing in the IT field of the securities industry. Introducing cutting-edge IT technologies from big data, artificial intelligence (AI), open banking, and the cloud to blockchain technology, now it is taking a step forward in the financial technology innovation, leaving incomplete security systems and outdated infrastructure behind. Let's meet the IT executives of major securities companies and hear about their new technology introduction plans and recent achievements. The first interviewee is Baek Jong-woo, Chief Information Security Officer (CISO, Managing Director) of NH Investment & Securities, who is hunting for scam bank accounts using big data technology.

“By using big data to automatically search for suspicious accounts in real-time, the accuracy of scam accounts detection has been increased. It also significantly saves time.”

Jong-woo Baek, chief information security officer (CISO, managing director) of NH Investment & Securities at the NH Nonghyup Foundation office in Yeouido, Seoul, on the 13th, told us the results of the recently built big data-based scam accounts monitoring system.

On the 9th of last month, the NH Investment & Securities Information Protection Department, led by Managing Director Baek, built the industry's first big data-based scam accounts monitoring system. With this, 4 scam accounts have been identified and caught in the past month.

NH Investment & Securities' scam accounts monitoring system is an upgraded version of the fraud detection system (FDS) built in 2014. Ahead of other securities companies, NH Investment & Securities has focused on integrating big data technology into the existing system. It was certain that there was a limit to practically detecting abnormal trading only with FDS. “Most cases of using scam accounts are such as that a transaction occurs suddenly from an inactive account, or that an automatic online or offline withdrawal is made immediately after deposition at a random ATM. We need to construct the big data platform to analyze scam account networks.” Baek said.

"At that time in 2014, with the Financial Investment Association, six securities companies gathered to implement an FDS by purchasing a solution together, but big data technology was not included in the proposed solution," he said. “We were already certain that big data technology would play a larger role in the future and started to build our own solution.”

NH’s monitoring system applies 30 to 40 of its own rules and 10 scenarios that reflect the characteristics of scam accounts to the vast amount of collected data. If a suspicious account is identified, it sends a notification message to the operator. The operator checks and transmits the scam account information to the Korea Federation of Banks and related institutes. Then the Korea Federation of Banks requests the associated financial institution for confirmation and then takes measures such as suspension of payment.

This big data-based scam account monitoring system has significantly reduced costs of time and manpower. While the existing FDS analyzes 400,000 cases per day, this monitoring system can analyze more than 700,000 cases per day. The scope of data collected has also been broadly expanded from the internet banking transactions to all account transactions at each branch, CDs and ATMs, and suspicious account activity detected by the KFTC (Korea Financial Telecommunications & Clearings Institute), and accounts with temporary withdrawal suspension. The detection method has also been diversified. Not only does this require the 2-factor authentication step before transfer but also checks the main transaction log and history simultaneously. “In the past, 2 personnel had to monitor 300 to 500 suspicious accounts manually. But it was, of course, difficult to see them all day long. Now, thanks to the automated system, it requires only one person to check for an average of 70 cases per day, which takes an hour or two,” he explained.

Enterprise-wide support made it possible to introduce such advanced technology before others. One billion won has been invested in the monitoring system. From this month, it also started to develop an integrated monitoring system that can analyze correlations between log data generated by various security solutions together. Director Baek said, “Personal data breach and illegal transactions in the financial sector undermine the public trust in the financial sector. It is a non-negotiable choice that we made a large investment to overcome this situation and improve our reputation.” “By launching our new SIEM system in early December, we are expecting to prove more enhanced security posture.”

clickyj@dt.co.kr

Read the original article here: http://www.dt.co.kr/contents.html?article_no=2016061402100658759001

On the 14th, Answer (CEO Park Jun-Hyung) announced that it had completed a big data platform project for SK planet (CEO Seo Jin-woo). SK planet has now deployed a security incident detection and triage system by using a log management solution and WORM (Write Once, Read Many) storage. It solves compliance issues for the Personal Information Protection Act, the Information and Communications Network Act and the Electronic Financial Transactions Act. Answer deployed Logpresso platforms to five internet data centers operated by SK planet. Logpresso is a solution that stores logs in WORM disks that cannot be forged or tampered with, and supports audits, incident investigations and responses. Numerous event logs collected from heterogeneous systems are analyzed and integrated into a single UI, which ensures the confidentiality and integrity of the original log. It also supports real-time event analysis and forensic log analysis for follow-up. It is possible to detect system log events and to set thresholds such as real-time notification servers, networks, and operating systems. The CEO of Answer said, “Demand for big data security solutions will increase not only in big data platforms but also in the fintech industry, including simple payment. We are focusing on securing new customers in related fields in the second half of this year.” <Reporter Kim In-soon> insoon@etnews.com Read the original article here: [https://www.etnews.com/20150914000221](https://www.etnews.com/20150914000221)

2015-09-14

KB Kookmin Bank Case Study

KB Kookmin Bank announced plans to launch its own unified cyber security platform. Work began on the platform with IBM in the second half of last year and live service is scheduled to start after pilot operations are concluded early next month. KB Kookmin Bank announced on the 26th that it will create a next-generation security platform, the KB Unified Cyber Security Platform, a continuous and comprehensive integrated monitoring system for security threats that is scheduled to open in May. Currently, humans cannot analyze the numerous security data generated by security systems in real-time. There is a need to improve the current security platform by developing an integrated monitoring system for individual solutions. This is not just a problem for KB, but has been a genuine concern of the entire financial sector. In line with these needs, KB’s unified cyber security platform is being built to respond to increasing external threats by collecting and analyzing abnormal signals generated from heterogeneous security solutions and identifying correlated threats in real-time in one platform. KB unified cyber security platform can collect and correlate security data in its entirety and uses a plug-in technology to modify the system and dashboard. An integrated dashboard and a web system are configured as well, which enables correlation analysis of policy enforcement status and threat behavior by user-defined search. The framework supports the correlation of anomalies and manages policy enforcement through data analytics from heterogeneous security systems. A KB employee said, “In addition to features provided from existing ESM (Enterprise Security Management), it can comprehensively respond to insider threats as well as network-based external threats with the correlation analysis.” The platform provides machine learning capabilities, which offers a significant improvement over the limitations of existing rule-based detection, and automates security threat detection through self-learning. KB explained that it is now possible to predict anomalies such as DDoS attacks, abnormal communication, and system failures. In particular, it provides consistent visibility of the enterprise for security policy enforcement and incident response for executives and security analysts. With this, it is expected to respond to breaches in a timely manner, and strengthen information security controls. This unified cyber security platform is differentiated from the existing platforms in that C-level executives, including the CEO, can see the enterprise security posture like a security analyst in the field. In the past, engineers had to analyze logs generated from endpoints, servers, and networks first. But with KB's unified cyber security platform, executives can easily see them on a single, unified screen. This type of platform that staffs as well as executives can easily use to check the security posture is unprecedented in the finance sector. “Information security matters as it can threaten the existence of the company. But it is an invisible and often unknown issue unless you are an expert. Many companies have been making a lot of effort to increase the security awareness of their employees, but the reality is that we are experiencing a lot of difficulties,” said a KB spokesperson. "If the accessibility to the data is improved through our system, it will naturally improve the awareness of the importance of security among our employees," added a KB spokesperson. KB Kookmin Bank has also built a system for collecting and analyzing threat data that can be synchronized with the Korea Internet & Security Agency (KISA) and the Financial Security Agency database. It also centralized the administration of the entire firewall policies and monitoring of resource usages and operational status. KB Kookmin Bank said that its unified cyber security platform represents a new security paradigm and will improve the information security environment and enable rapid response against new cyber attacks. Last July, KB Kookmin Bank held an RFP briefing session for the “Unified Cyber Security Platform” and the budget was announced at 3.82 billion won including hardware, software, and professional services. After that, KB selected IBM as the main service provider. <Reporter Choi Minji> cmj@ddaily.co.kr Read the original article here: https://www.ddaily.co.kr/news/article/?no=168208

2018-04-26

Logpresso launches Korea's first enterprise-level cloud SIEM service

Logpresso Cloud is the first SaaS-based Cloud SIEM service offered by a Korean vendor. This service allows comprehensive monitoring and automated threat response across existing on-premise infrastructure, as well as a wide range of SaaS, PaaS, and IaaS solutions utilized by many businesses in their daily operations.

2024-09-20