With the realization that financial institutions needed a security command and control layer, DefenseStorm was launched two years ago. Their mission: to aggregate event data across every cybersecurity tool and the business productivity application a bank uses and link them to controls and processes that allow security analysts to meet the institution’s intended security posture. Sean Feeney, CEO of DefenseStorm, explains, “Many community banks don’t have a large security staff and are essentially augmenting that staff by providing an efficient and easy way to manage the security products they have.”
Firewalls and applications have security tools that provide security information, but there is no one place for this data to be aggregated and analyzed. DefenseStorm gives C-level executives a single command and control platform that provides regular reporting on a quarterly, monthly, or weekly basis, so they have visibility into what’s going on throughout their network security. Feeney says, “There are a lot of point solutions out there, which I think of as cyber silos of data. We bring that all together in one place so C-level management can see what is going on in cyber security.”
DefenseStorm’s solution is a hybrid that manages both ground (on-premise and colo) and cloud security software and apps. This enables DefenseStorm’s clients to switch from a reactive to a proactive security posture.
A lot of community banks are really small businesses. I’m a big believer that the easyto- use UI is the killer features and it drastically improves the way security analysts manage their day
“Having a military background and having gone to West Point, my view is that the DefenseStorm system gives CSOs eyes and ears on the battlefield, so they can see what’s going on across the entire battlefield, not just in one battle in one part of the organization,” says Feeney.
Part of DefenseStorm’s success with banks and credit unions is that they take the bank’s policies, relate them to cybersecurity alerts and incidents, and then report those results to management. For example, letting the bank CSO know that the policy around clicking on outside emails is only being followed ten percentage of the time, but a policy in another area is very comprehensive and has a 95 percent compliance rate. DefenseStorm provides actionable intelligence so the bank leadership not only sees how their cybersecurity program is performing, but can link that to their policies to see how the behavior of their employees is affecting security and whether the policies are effective or being ignored.
In the future DefenseStorm is looking to make cybersecurity management easier and more efficient because there is a lot of pressure on community banking in terms of cost and scalability. These pressures are expected to continue growing, as additional bank regulations are enacted.