From SIEM to Security Intelligence – Banking

The Business

The customer is a high profile international bank servicing a diverse customer base with an equally diverse set of products across corporate and commercial banking, trade finance and treasury. Due to the geopolitical region it serves, the bank operates in a high-threat environment where effective IT threat management is a critical capability beyond simply demonstrating compliance. The bank serves customers across a number of industries including oil and shipping, manufacturing, construction, education and healthcare.


As a mid-sized bank with under 10,000 employees but a very large and diverse customer base, the bank manages a very complex application and system environment. This, combined with the nature of the region in which it does business, creates a constant level of external and internal threat from fraud, data theft, and system sabotage.

The bank invested in a SIEM solution to help manage this threat but soon realized that it lacked the analytics and risk-monitoring capabilities needed to detect insider and advanced external attacks. Furthermore, the bank’s CISO had a serious blind spot over the key business applications and systems that were the very targets of the threats he was concerned about.

The Securonix Solution

Faced with the prospect of building its own analytical capabilities on top of the SIEM, the bank chose to deploy Securonix on top of its existing SIEM as a “security intelligence” layer. The Securonix Cyber Threat Intelligence solution uses the existing SIEM for data collection and adds Securonix’s detection and monitoring capabilities, extending the bank’s visibility beyond the network perimeter to its critical applications, systems, and users.

Client’s Solution Tour

Core use cases deployed:

Advanced Threat Detection

Securonix aggregates security events and analyzes them for indicators of advanced threats. Using behavior-based analytics, the solution identifies abnormal and suspicious events. By tagging each security event with a risk score and aggregating those scores per user and per system, it surfaces the highest-risk users and systems and gives security analysts a short list of high-risk events to work rather than the full event stream.

Continuous Risk Monitoring

Securonix calculates the risk associated with each suspicious event and aggregates that risk at the user and device level, so that the security team can focus on the highest-risk users and devices rather than on individual alerts.
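The two use cases above describe the same pipeline: score each event, then roll the scores up per user and per device. The following is an added illustration of that pipeline, written for this page and not Securonix's own code. The event shape, the risk weights, the learned per-user baselines, the after-hours rule and the list of internet-facing hosts are all assumptions; the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (hypothetical shape, not real bank logs).
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T09:05:00", "user": "asmith", "host": "core-db-02", "type": "auth_success"},
    {"ts": "2024-03-04T09:06:00", "user": "asmith", "host": "core-db-02", "type": "file_access"},
    {"ts": "2024-03-04T23:40:00", "user": "jdoe", "host": "web-dmz-01", "type": "auth_failure"},
    {"ts": "2024-03-04T23:41:00", "user": "jdoe", "host": "web-dmz-01", "type": "auth_failure"},
    {"ts": "2024-03-04T23:42:00", "user": "jdoe", "host": "web-dmz-01", "type": "auth_success"},
    {"ts": "2024-03-04T23:50:00", "user": "jdoe", "host": "web-dmz-01", "type": "priv_change"},
    {"ts": "2024-03-04T23:55:00", "user": "jdoe", "host": "core-db-02", "type": "db_export"},
]

# Assumed baseline: typical daily count of each event type per user, as a
# behavioural engine would learn it over time. Missing pairs default to 0.
BASELINE = {
    ("asmith", "file_access"): 40,
    ("asmith", "auth_success"): 3,
    ("jdoe", "auth_success"): 2,
}

# Assumed base risk per event type; an unknown type gets 1.
BASE_RISK = {"auth_failure": 5, "auth_success": 1, "file_access": 1,
             "priv_change": 40, "db_export": 30}

# Assumed asset inventory: hosts exposed to the internet.
INTERNET_FACING = {"web-dmz-01"}


def score_event(ev, daily_counts):
    """Risk score for one event plus the reasons that raised it."""
    risk = BASE_RISK.get(ev["type"], 1)
    reasons = []

    hour = datetime.fromisoformat(ev["ts"]).hour
    if hour < 6 or hour >= 22:                       # outside business hours
        risk *= 2
        reasons.append("after_hours")

    expected = BASELINE.get((ev["user"], ev["type"]), 0)
    observed = daily_counts[(ev["user"], ev["type"])]
    if observed > 3 * expected:                      # burst beyond learned baseline
        risk *= 2
        reasons.append("above_baseline")

    if ev["type"] == "priv_change" and ev["host"] in INTERNET_FACING:
        risk *= 2
        reasons.append("priv_change_on_internet_facing_host")

    return risk, reasons


def aggregate_risk(events):
    """Score every event and sum risk per user and per host."""
    daily_counts = defaultdict(int)
    for ev in events:
        daily_counts[(ev["user"], ev["type"])] += 1

    scored, by_user, by_host = [], defaultdict(int), defaultdict(int)
    for ev in events:
        risk, reasons = score_event(ev, daily_counts)
        scored.append({"risk": risk, "event": ev, "reasons": reasons})
        by_user[ev["user"]] += risk
        by_host[ev["host"]] += risk
    return scored, dict(by_user), dict(by_host)


def triage(events, threshold=50):
    """Ranked users/hosts and the short list of events above the threshold."""
    scored, by_user, by_host = aggregate_risk(events)
    users = sorted(by_user.items(), key=lambda kv: -kv[1])
    hosts = sorted(by_host.items(), key=lambda kv: -kv[1])
    high = [s for s in scored if s["risk"] >= threshold]
    return users, hosts, high


if __name__ == "__main__":
    users, hosts, high = triage(SAMPLE_EVENTS)
    print("users:", users)
    print("hosts:", hosts)
    for s in high:
        print(s["risk"], s["event"]["user"], s["event"]["type"], s["reasons"])
```

The point of the aggregation is visible in the output: seven raw events collapse to two high-risk events, one user and one host, which is the "limited set" an analyst actually reviews. Multiplicative weighting is a deliberate choice so that several weak signals on one account (after-hours, above baseline, privileged change on an exposed host) compound instead of merely adding.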

Privileged Account Monitoring

Securonix monitors for suspicious or unauthorized changes made by privileged accounts on the bank’s internet-facing devices and raises alerts in real time.

Cyber attacks from malicious sources

Securonix correlates events with threat intelligence from multiple third-party feeds to identify attacks from known malicious sources that continuously target the bank’s environment for client and other sensitive data.

Geo-Location Based Account Monitoring

Securonix detects account compromise or misuse by monitoring changes in the geo-location associated with account access over short periods of time, flagging access from two locations that could not plausibly be reached by the same person within the interval between them.
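The check described above is commonly implemented as an "impossible travel" rule: geolocate each login's source address, compute the great-circle distance between consecutive logins for the same account, and alert when the implied speed is beyond what any traveller could achieve. The following is an added example written for this page, not Securonix's code. The login record shape, the coordinates (which would normally come from a GeoIP lookup), the 900 km/h speed ceiling and the 100 km jitter floor are assumptions; the login records are constructed.

```python
import math
from collections import defaultdict
from datetime import datetime

# Constructed login records (hypothetical shape); lat/lon stand in for a GeoIP result.
LOGINS = [
    {"user": "jdoe", "ts": "2024-03-04T08:00:00+00:00", "ip": "203.0.113.10",
     "lat": 25.2048, "lon": 55.2708, "city": "Dubai"},
    {"user": "jdoe", "ts": "2024-03-04T08:45:00+00:00", "ip": "198.51.100.7",
     "lat": 51.5074, "lon": -0.1278, "city": "London"},
    {"user": "asmith", "ts": "2024-03-04T09:00:00+00:00", "ip": "203.0.113.22",
     "lat": 25.2048, "lon": 55.2708, "city": "Dubai"},
    {"user": "asmith", "ts": "2024-03-04T17:30:00+00:00", "ip": "192.0.2.9",
     "lat": 24.4539, "lon": 54.3773, "city": "Abu Dhabi"},
]

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumed ceiling: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumed floor: ignore GeoIP jitter inside one metro area


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(logins, max_speed_kmh=MAX_SPEED_KMH, min_distance_km=MIN_DISTANCE_KM):
    """Return one alert per pair of consecutive logins whose implied speed is implausible."""
    by_user = defaultdict(list)
    for rec in logins:
        if rec.get("lat") is None or rec.get("lon") is None:
            continue                                  # no geolocation, nothing to compare
        by_user[rec["user"]].append(rec)

    alerts = []
    for user, recs in by_user.items():
        recs.sort(key=lambda r: datetime.fromisoformat(r["ts"]))
        for prev, cur in zip(recs, recs[1:]):
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if dist < min_distance_km:
                continue                              # same area; GeoIP noise, not travel
            hours = (datetime.fromisoformat(cur["ts"])
                     - datetime.fromisoformat(prev["ts"])).total_seconds() / 3600.0
            # Zero elapsed time means simultaneous sessions from two places: flag it.
            speed = float("inf") if hours <= 0 else dist / hours
            if speed > max_speed_kmh:
                alerts.append({
                    "user": user,
                    "from": (prev["city"], prev["ip"], prev["ts"]),
                    "to": (cur["city"], cur["ip"], cur["ts"]),
                    "distance_km": round(dist, 1),
                    "hours": round(hours, 2),
                    "speed_kmh": round(speed, 1),
                })
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(LOGINS):
        print(a)
```

Two caveats a practitioner would tune before trusting this in a bank: corporate VPN egress points and mobile carrier NAT pools can geolocate far from the user, so known egress addresses should be excluded or mapped to their real site before the distance check, and the alert should feed the per-user risk score rather than fire on its own, since one jump may be a VPN artefact while a jump followed by a privileged change is not.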

Effective Case Management for Risk Routing and Risk Mitigation

In addition to risk intelligence, Securonix provides a complete case management facility: once a threat is identified, the case is automatically routed to the appropriate person for investigation and mitigation.