GLBA

Gramm-Leach-Bliley Act (GLBA) & Federal Financial Institutions Examination Council (FFIEC) for Financial Institutions

The Financial Services Modernization Act of 1999, more commonly known by the names of its authors, Gramm-Leach-Bliley, includes provisions to protect consumers' personal financial information held by financial institutions.

As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) issued the Safeguards Rule under section 501(b), requiring financial institutions under FTC jurisdiction to secure customer records and information. The three main objectives of GLBA 501(b) are to:

  • Ensure the security and confidentiality of customer records and information
  • Protect against any anticipated threats or hazards to the security or integrity of such records
  • Protect against unauthorized access or use of such records or information which could result in substantial harm or inconvenience to any customer.

The Federal Financial Institutions Examination Council (FFIEC), comprised of examiners from many different regulatory bodies tasked with GLBA enforcement, has created an Information Security Handbook and an exhaustive set of tests to assess compliance with the Safeguards Rule, including over 20 specifically related to intrusion prevention and detection. The security process recommended by the FFIEC comprises five key areas:

  • Information security risk assessment
  • Information security strategy
  • Implement security controls
  • Security testing
  • Monitoring and updating

Meeting the Compliance Challenge

The Axxera CI System is ideal for helping organizations comply with GLBA. Axxera CI is the most effective and efficient way to implement the best-practice security guidelines from the FFIEC. With Axxera CI, you can establish, enforce, monitor, and manage the security policies you need to ensure compliance and protect your organization from attack.

Axxera CI Supports FFIEC Security Best Practices

As the enterprise security system for your company, Axxera CI provides the following capabilities critical to network security best practices as described by the FFIEC, and necessary for GLBA compliance:

| FFIEC Guideline | The Axxera CI 3D Approach | Axxera Offerings |
|---|---|---|
| Information Security Assessment: Gather data on assets and threats to those assets | Axxera CI SIEM passive discovery provides a real-time view of what is on the network and maps those hosts against numerous known vulnerabilities. Axxera Security Consulting can perform a security assessment and assess vulnerability issues on the network, applications, databases, etc. | Axxera Security Consulting, Axxera SIEM Product |
| Security Strategy that includes prevention, detection, and response | Axxera CI SIEM integrates with third-party tools such as IPS, IDS, DLP, email encryption, vulnerability tools, and compliance technologies to provide best-of-breed technical controls satisfying all three desired control types. Axxera SIEM has an ITIL-based ticketing system, and its sensors integrate with over 250 third-party tools. Tickets can be viewed via the Portal and Console. | Managed Firewall, Managed IDS, Axxera Log Monitoring |
| Monitor access for policy violations and anomalous activity | Axxera CI SIEM delivers continuous monitoring for security events, anomalous behavior, configuration changes and policy violations, and vulnerability exposure, with third-party integration of over 250 security tools. | Axxera SIEM Product, Security Consulting, Managed Firewall, Managed IDS, Axxera Log Monitoring |
| Monitoring of incoming and outgoing traffic | Axxera SIEM delivers and integrates with third-party tools and industry-leading IPS technologies, satisfying FFIEC guidelines. | Axxera SIEM Product, Security Consulting, Managed Firewall, Managed IDS, Axxera Log Monitoring |
| Hardening: Minimum system requirements disallowing non-compliant activity | Axxera SIEM enables users to implement baseline configuration policies for endpoints, subnets, and networks. The system automates monitoring and enforcement of configuration policy. Axxera SIEM integrates with third-party tools, and its sensors convert security violations into alerts; all alerts are converted to tickets in the ticketing system and then displayed on the Axxera Portal and Console for the Security Operations Center. | Axxera SIEM Product, Managed Firewall, Managed IDS, Axxera Log Monitoring |
| Security Monitoring: Policy violations, anomalous activity, security events | Axxera CI SIEM delivers continuous monitoring for security events, anomalous behavior, configuration changes and policy violations, and vulnerability exposure. | Axxera SIEM Product, Managed Firewall, Managed IDS, Axxera Log Monitoring |