To provide a secure, future-proof banking environment and relieve IT personnel of time-consuming security tasks so they can focus more on innovation.
Improved security posture and a much wider security view with IBM QRadar
Increased productivity of IT staff with most first-line tasks performed in the IBM SOC
Heightened proactivity for more thorough security threat analysis
Business challenge story
Effective security and IT innovation
For Raiffeisen, keeping all security-related activities in-house is neither efficient, nor effective. With an explosion of data and threats, it’s hard for in-house security staff to keep up to date. This was the first challenge Raiffeisen faced. Freeing up time for IT innovation was the second challenge. “With the vast majority of Raiffeisen’s IT department focusing on developing and implementing new products and services, it would be a pity to put that continuous innovation on hold due to the massive burden of keeping up to date with the latest evolutions in security,” Jean-Luc Martino, CIO, notes. “It is far more worthwhile to leave the biggest chunk of the work to those partners who have gathered years of expertise and knowhow, something we simply cannot build up as a company on our own.”
For more effective and efficient security and to free up time for IT innovation, Raiffeisen made the strategic decision to outsource security monitoring to specialized players. “That way, we unburden our IT staff, freeing them up so we can involve them in our project process instead. Of course there’s also a learning curve within Raiffeisen, to become familiar with the new structure and way of working, but we’re confident it will pay off. We would never be able to build up the same level of security expertise on our own that we find with our partners,” says Jean-Luc Martino.
Harvesting and correlating logs to detect security breaches in real time
Raiffeisen started a tender process to acquire a SIEM system and find a partner to help them manage the system. IBM won the call for bids, to which several different competitors had initially responded. IBM was not a complete unknown to Raiffeisen. The bank’s new core banking platform, which was launched four years ago, has IBM infrastructure ‘under the hood’. Also, in the context of cybersecurity, IBM was already involved in Raiffeisen’s network security through delivering Intrusion Detection and Prevention (IDS-IPS) services to Raiffeisen from its Security Operations Center (SOC).
IBM delivered its Security Intelligence Solution IBM QRadar SIEM and manages this system for Raiffeisen in its Luxembourg SOC. This IBM center is co-operated with Sogeti and equipped to meet the stringent compliance requirements of Luxembourg’s financial sector. IBM monitors the Raiffeisen IT environment using QRadar’s analytical capabilities, which leads to real-time, 24/7 harvesting and correlating of logs to detect security breaches. After a thorough pre-selection, only truly relevant incidents are sent back to the Raiffeisen IT and security staff. That means IBM excludes, among other things, false positives from the incident overview.
Staying ahead of the curve
The new detection capabilities offered by IBM QRadar SIEM help Raiffeisen to improve its security posture, as IBM QRadar offers a much wider security view than the IPS-IDS. IBM QRadar provides Raiffeisen with a more complete overview of what’s going on in their IT environment, since the solution uses a variety of sources to monitor and analyse the security environment. In the new security setup, IPS-IDS is just one of the many sources IBM QRadar ingests for correlation and analysis of Raiffeisen's security posture.
Secondly, IBM QRadar is delivered as a managed service, which frees up time for Raiffeisen IT staff because most first-line security tasks are performed in the IBM SOC by external security specialists. Raiffeisen only has to focus on the relevant security threats the IBM SOC has already filtered out of the bunch, and act on those. IT personnel are relieved of many time-consuming routine tasks, like sifting through massive amounts of security data, searching for suspicious events and identifying incidents that might pose a real threat. This also brings forward a new benefit: Raiffeisen security staff are able to take on a more proactive role. They now have the time and facts on hand for more thorough security threat analysis.
The project has been up and running as of June 2017. Jean-François Mairlot from IBM Security, who was closely involved in the project, shares some of his first experiences with the cybersecurity services provided to Raiffeisen: “On some one hundred million collected logs, a few hundred security offenses were detected by the SIEM system and were analyzed by our Security Operations Center. Of these potential offenses, a few dozen were ultimately sent back to Raiffeisen for more thorough analysis. I’ll leave it to you to calculate the sheer amount of time that is won internally at Raiffeisen.”
With IBM QRadar SIEM, Raiffeisen is able to further innovate for the future based on a secure IT environment. This is particularly important, considering the ever-growing number of cybersecurity threats in the financial services industry, characterized by far-reaching waves of digitalization and disruption. Jean-Luc Martino: “Banks must stay ahead of the curve and keep investing in security. With open banking platforms, tighter regulations and a more complex world in general, security will remain a challenging domain. This is why it is fundamental to work with the right partners, and benefit from their expertise.” Furthermore, the ways in which people collaborate to create value are radically changing, and the rate at which they expect innovative, user-friendly and secure solutions is increasing. “Outsourcing SIEM frees up staff that can fully focus on bringing innovation to Raiffeisen’s clients. It is my belief that within five years, it will be really hard for us to imagine what it was like before we chose to team up with IBM.”
As the first cooperative bank in Luxembourg, Raiffeisen focuses on its home market with its three business lines which are retail banking, corporate banking and private banking. Although every client is different, they all share the same concern for a secure banking environment. Just like any other financial services player, Raiffeisen cannot afford to underestimate the importance of the right security policy. It was this need for security that necessitated day-to-day Security Information and Event Management (SIEM).
Being at the front line of innovation is very important to Raiffeisen. Of its 600 employees, 55 work in the IT department and report to Jean-Luc Martino, CIO at Raiffeisen: “Delivering new services and products being one of our strategic goals, we specifically allocate about 80% of our development force to projects and evolution required by our business and the underlying regulations.”
- QRadar SIEM