BANKING / SYMANTEC GIVES THAILAND GOOD REPORT

Thai banks adopting risk management tools

DON SAMBANDARAKSA

Thai banks are adapting quickly to new regulations related to risk management and are catching up with financial markets in places like Singapore and Malaysia, according to Jeffrey Hoo, regional compliance and security field director for Symantec, which recently released its latest IT Risk Management report.

"Thailand [is] actually at the forefront of regulation and the banks here in Thailand have moved very quickly in the area of risk management," Hoo commented.

He said that companies are facing greater risk and complexity from files and applications residing everwhere from notebooks and PCs to storage servers and mainframes.

According to the Symantec IT Risk Management report, there is a clear correlation between security and compliance.

"Firms with the fewest [compliance] deficiencies reported the most reduction in IT security threats. In other words, when you do security well, it leads to compliance," he said.

Today, the biggest challenge for IT compliance is poor visibility when different departments do not know what the others are doing, according to the report. A close second is resource constraints as few organisations are blessed with a budget for dedicated security personnel.

Symantec recently announced Security Information Manager 4.5, an appliance that collects and prioritises security information, identifies and resolves security incidents, demonstrates compliance through reports and logs, and measures the effectiveness of security controls.

It works by combining the Symantec Deepsight knowledge-base of incidents with data fed into it from the organisation's firewalls, servers and applications through the use of event collectors.

An event collector is a piece of software that runs on the firewalls, identity management servers, application servers, anti-virus servers, web servers or any of over a hundred different common devices and applications in today's corporation.

For example, if the anti-virus server identifies a virus, it will send an event to the Security Information Manager. Then, based on information from Deepsight and the way other boxes and servers are configured, it will help prioritise the incident.

In some cases, the virus will have almost no effect on the organisation because of the way the network or servers were configured. In other cases, the virus outbreak would have a severe affect.

More importantly, because the collectors only send out incident data without exposing the actual organisation's data, it allows organisations to outsource their security and security incident management while keeping confidential customer information within the organisation.

The outsourced security manager can then deal with the incidents and put in patches without having to have full access to the systems. It also means that organisations can adopt an in-between model and outsource security without outsourcing their entire IT systems.

The system has rule sets regarding CoBIT or ISO standards, and can automatically see if common servers, are configured in accordance with these best practices.

Hoo pointed out that the Security Information Manager draws information from Symantec's global network that contains millions of sensors.

The Security Information Manager has a built-in trouble ticketing system, or can integrate with many help desks and generate incident tickets automatically.

Symantec in Thailand is aiming the Security Information Manager 4.5 at the banking and telecommunication sectors first, as these sectors are suffering from too many monitoring screens to look at.

Bangkok Post

Last Updated : Sunday April 08, 2007