Join us June 8th to hear first-hand experiences from Bain Capital’s VP and CISO, Mark Sutton, in our webinar “Lessons Learned Building Bain Capital’s Insider Threat Program.” Register Now
Bank Hapoalim Case Study
Israel's leading financial group and largest bank has a significant presence in global financial markets. In Israel, the group has over 260 full-service branches, eight regional business centers, and industry desks for major corporate customers.
The bank is outsourcing its IT activities to one of Israel's largest IT firms. In 2004, Israel's Supervisor of Banks enacted Regulation 357, based on both the Basel 2 Accord and the US Sarbanes-Oxley Act. The new regulation required banks to, among other things, maintain a full audit trail based on computerized recordings (logs) of access, transactions and queries performed in their information systems. The logs should include the identity of the person accessing the systems, the place, time and particulars of the transaction, such as the account number accessed and the type of access (i.e. read, update, delete). The records management systems should also warn designated parties within the organization of unauthorized external activities as well as exceptional activities of the various types of users, as defined by the bank management.
Based on the stringent requirements mentioned above, the bank wished to audit the 3rd party access to its servers, as well as introduce a mean of surveillance on the access to its sensitive financial data.
The bank has deployed over 300 ObserveIT server agents on its domestic network, as well as over 10 agents on its international network. With this, the bank has achieved full control on the external access to its most precious IT resources, and met all its regulatory requirements.