Address SWIFT Customer Security Controls Framework with CyberArk

July 17, 2017 David Higgins

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides a community of global financial institutions with the ability to exchange sensitive information relating to international financial transactions. This vast network—over 11,000 customers across 200+ countries—has become an attractive, high-value target for cyber attackers, as evidenced by high-profile breaches including the infamous Bangladesh Central Bank heist. By capturing legitimate SWIFT operator credentials while employing increasingly sophisticated hacking techniques, attackers continue to pilfer hundreds of millions from banks around the world.

Protecting these credentials from reaching the hands of criminals is an essential step in preventing future attacks. To that end, SWIFT’s Customer Security Programme has established a secure framework and baseline of accountability for customers of SWIFT. This framework has a strong emphasis on privileged account security. Mandatory and advisory security controls must be implemented across the community, and organizations must prove compliance with these regulations by January 18, 2018.

The SWIFT security framework comprises 27 controls based on three overarching objectives, and there are about five months remaining to prove compliance. Fortunately, CyberArk customers can address a majority of these controls. CyberArk provides the capabilities needed to meet requirements around securing the organization’s environment, knowing “who” and “what” has access to critical systems and applications, and detecting and responding to high-risk activity in operator sessions. The following is a high-level look at how CyberArk can help organizations meet these core objectives:

Secure Your Environment: Risk comes from outside and within—determined, malicious “outsiders” and careless or disgruntled “insiders.” Either can wreak havoc on a financial institution. Unmanaged privileged credentials and accounts are the common vulnerability in both cases. The CyberArk Privileged Account Security Solution can protect and control access to critical systems and infrastructure within a local SWIFT environment. By removing local administrative rights and using CyberArk Endpoint Privilege Manager, organizations can provide users with non-administrative access and on-demand session elevation when needed based on defined policies. Multiple layers of built-in security serve to protect all privileged account operator credentials, including passwords and SSH keys (which may be used to access critical UNIX/Linux operating systems).

Know and Limit Access: The CyberArk Privileged Session Manager enables organizations to isolate, monitor, record and control privileged sessions on critical systems. The solution acts as a jump server and single access control point, giving organizations a “secure zone” to protect the local SWIFT infrastructure. Real-time privileged session monitoring enables security teams to detect suspicious activity as soon as it occurs and remotely terminate the session to minimize any potential damage. Additionally, searchable audit logs and session recordings are stored in a tamper-proof vault to prevent privileged users from editing or deleting their history. Security and audit teams can easily review these recordings and audit logs to locate the exact moment an event occurred and gain a clear understanding of the scope and severity of an incident.

Detect and Respond: Attackers target and compromise legitimate, trusted credentials within the network, which makes detecting credential theft attacks a serious challenge. Many institutions also struggle to pinpoint attempts to bypass enforced controls by internal or external threat actors. To help overcome these challenges, CyberArk Privileged Threat Analytics implements detection capabilities around the abuse, misuse and theft of privileged credentials. When combined with the CyberArk Privileged Account Security Solution, CyberArk can flag high-risk, anomalous activity within local SWIFT environments with a fully detailed and searchable audit trail of privileged activity.

To learn more about how CyberArk can help your organization to prepare for the January 2018 SWIFT security framework compliance deadline, check out the webinar replay ‘Fast Track to SWIFT Compliance’.

