CU news Logo

Your source for the latest technology information of interest to community banks across America. Subscribe to our weekly e-mail newsletter and stay on top of the latest technology trends in Hardware, Software, ATMs, Wireless, Online Banking, Marketing, Security, Internet Access and Call Centers.

February 27, 2017

 


Hardware News

Cisco is coming out with four next-generation firewall appliances aimed at smaller organizations that compete against midrange devices made by Check Point, Fortinet and Palo Alto Networks. The appliances can automate security tasks including assessment, tuning and remediation. Management for the new devices can be handled by the onboard Cisco Device Manager, Management Center appliances for managing multiple devices, and Cisco Defense Orchestrator, its cloud-based policy management tool.

In a related story, Palo Alto Networks unveiled a new purpose-built hardware and virtual next-generation firewall appliances that enable applications and redefine security performance for both threat prevention and SSL decryption. The company says that their boxes will enable customers to safely embrace the cloud and prevent successful cyberattacks across network, endpoint and cloud environments. The new models complement enhancements to the Palo Alto Networks Next-Generation Security Platform PAN-OS operating system 8.0, which includes more than 70 new features that help deliver threat and credential theft prevention, secure cloud enablement, and more. 

~~~

Hardware Section Sponsored by
Millennial Vision, Inc. (MVi)

Back to Top


Software Updates

Building on the work of the Cloud Signature Consortium, Adobe unveiled the first cloud-based digital signature built on an open standard. The company claims that Adobe Document Cloud and Adobe Sign will enable digital signatures in any browser or on any mobile device. It also includes business workflows that can route documents for collaboration or certified electronic delivery, and connect into systems like Microsoft SharePoint. Plus you can send for ‘certified delivery` when you need clear proof that your recipient both viewed and acknowledged a document. Finally, using the Adobe Sign mobile app, you scan printed pages and send for signature or sign from your smartphone or tablet.

The SOCVue Patch Management service automatically scans Windows and Linux endpoints for missing patches for the OS, browser and 3rd-party applications like Java and Adobe. Through EiQ`s SOCVue Portal, you can review, approve and remediate patches with the proper change control processes and reporting. EiQ Networks claims that their SOCVue Patch Management service provides patch scanning, analysis, reporting, and remediation at a fraction of the cost of alternative on-premises solutions that require in-house management, process, and expertise to be effective.

~~~

Back to Top


ATMs/Kiosks

ATM management solution provider ESQ has launched a new app for smartphones and tablets that gives users up-to-date and actionable information about their ATMs. The company claims that their OperationsBridge platform is the only enterprise-grade solution that is multivendor, multitenant, and deployable on any ATM fleet. OperationsBridge Mobile includes an ATM network view that shows:

  • the status of active and inactive ATMs
  • critical failures based on pre-specified thresholds
  • granular transaction volume views
  • average ATM response times
  • cash withdrawal per current account

Even though physical attacks on ATMs have been increasing, there is no central repository for incident reports for attacks on ATMs. ATM deployers have to rely on information coming from the U.S. Secret Service, ATM manufacturers, banks and vendors. The ABA has collected statistics on ATM attacks for a few years with about 60% of 91,000 bank branches in the U.S. voluntarily contributing data. To help track patterns of criminal activity and effect preventative measures, the ABA has added a new feature to its nationwide bank robbery database that allows subscribers to key in ATM crime data, including skimming attacks.

~~~

ATMs/Kiosks Sponsored by
Heritage Industries

 


Back to Top


Wireless World

According to a MEF Mobile Money Report, more than three fourths (78%) of people made a purchase by mobile—which includes digital wallets—in the previous six months, but more than half (58%) abandoned a transaction before checkout. Here are the main reasons from the study that consumers say they abandon a mobile purchase once started:

31% - asked for too much sensitive information

22% - due to connectivity or other technical issues

21% - took too long to complete

Many security experts recommend that you never open a mobile banking app after you have joined a public Wi-Fi network, Plus they point out that while fairly rare, a determined scammer can force-join your mobile device onto a rogue network without your knowledge. You can work around this potential issue by opening “Settings” and turning the “Wi-Fi” switch off prior to launching your mobile banking app in public. While on a cellular connection vulnerabilities still exist, cellular interception is more difficult, requires expensive hardware, and is more noticeable, so it is much less plausible for a scammer to risk attempting to intercept your mobile banking activities during a cellular data connection.

~~~

Back to Top


Security Section

During Black Hat USA and DEF CON 24 in 2016, three-quarters if queried penetration testers claimed they could compromise a target in under 12 hours; 28% took between six and 12 hours and 43% found a way in within six hours. They also revealed that:

  • a direct server attack is the most popular method for breaking into systems (43%), followed by phishing (40%). Drive-by and watering hole attacks are both preferred by 9% of the hackers.
  • 60% use open source tools, 21% their own custom tools, just 10% use commercial tools. 5% opt for private exploits, and 3% for exploit packs.
  • 84% of them use social engineering to obtain information about a target, and 86% use vulnerability scanning to identify potential vulnerabilities.
  • 33% of the respondents say that their target`s security team never spots their presence in their systems.

In terms of preventing attacks, intrusion prevention systems and endpoint security solutions presented the greatest challenge for the respondents (29% and 23%, respectively), while firewalls came in third, and antivirus a distant fourth at 2%.

The overwhelming majority of all critical Microsoft vulnerabilities discovered and fixed in 2016 can be mitigated by simply removing admin rights across an organization, according to Avecto's analysis Microsoft security bulletins. A Microsoft MVP noted that “implementing a proactive defense strategy, starting at the endpoint and building out with least privilege, simple application whitelisting and content isolation will put you in a much stronger position by reducing the attack surface and building secure defensible endpoints.”

~~~

Back to Top


Leaders Roundtable

Security:

Battling Security Fatigue – Working Towards Usable Security

 

 

Onbase by Hyland Software - http://www.onbase.com
Read Steve Comer's comments:
https://www.banktt.com/OnBase.pdf

 

Millennial Vision - http://www.mviusa.com
Read Scott Cowan's comments:
https://www.banktt.com/MVi.pdf

 

NetWatcher - http://www.netwatcher.com
Read Scott B. Suhy's comments:
https://www.banktt.com/NetWatcher.pdf

 

Network Bix USA
 
Network Box - https://www.networkboxusa.com  
Read Pierluigi Stella's comments:

 

MVi
Nintex - https://www.nintex.com
Read Mike Fitzmaurice's comments:
https://www.banktt.com/Nintex.pdf

 

Security Compliance Associates - http://www.scasecurity.com
Read Jim Brahm's comments:
https://www.banktt.com/SCA.pdf

 

SentinelOne - http://www.sentinelone.com
Read Jeremiah Grossman's comments:
https://www.banktt.com/SentinelOne.pdf

~~~

Back to Top


Technology and Marketing

Many people agree that data visualization is a key part of business and marketing decision-making. Some factors to consider when choosing a data visualization product include price, dashboard customization, data analysis capabilities, and ease of use. Here are five top data visualization solutions:

- Tableau

- Sisense

- Dundas BI

- Qlik Sense

- SAP Lumira

~~~

Back to Top


Online Banking/E-Commerce/Website Design

Javelin Strategy & Research released “Digital Account Opening Fails to Deliver a Single-Channel Experience,” which found that over 2 out of 3 successful applicants used online and mobile channels for some stage of the application process to open a credit card application and 60% used these channels to open checking accounts. But digital applications are currently failing to deliver a single-channel experience, especially mobile account opening. About 34% of successful applicants opened and completed the application process online, while the other 66% turned to another channel at some point. Mobile netted only 8% of successful applications with a start-to-finish process. The research firm concludes that with the heightened risk of abandonment every time an applicant switches channels, banks need to work towards an integrated, satisfying, multichannel experience.

Some observers contend that biometrics and behavioral analytics will soon be taking over online and mobile banking logins forever. Case in point: U.S. Bank has set a target of removing passwords “altogether” from the login process, and are currently in the process of laying the groundwork for that implementation in 2017. They currently offer fingerprint authentication and voice verification, and will be looking at facial recognition and pattern matching this year.

~~~

Back to Top


Internet Access

Level 3 Communications, a major Internet backbone provider, is constantly on the lookout for cyberattacks on the network level; in fact, they have linked more than 150 million IP addresses to malicious activity worldwide. Bad behavior patterns have helped Level 3 build algorithms to identity suspicious traffic, but blocking those machines can be problematic. Notifying businesses is often pretty straightforward, but Level 3 has to work with hosting providers in order to reach consumer PCs that have been compromised. Some ISPs will make the effort to contact their subscribers, while others will not. Just about everyone agrees that it will take a collective effort - of ISPs, governments, businesses and consumers - to clean up the Internet and secure today's devices.

Unified Communication (UC) vendors such as Cisco, Microsoft, Unify, RingCentral and many others are rapidly creating, building or acquiring workstream messaging applications. These workstream messaging applications effectively capture (and preserve) conversations across multiple modalities, including voice. Here are some examples:

- Microsoft has developed Teams as a Slack-like workstream messaging application

- Cisco developed Spark for messaging and has already integrated it with Cisco UC solutions

- RingCentral bundles its Office service with its workstream messaging app called Glip

All of these applications share common elements, such as persistent messaging, robust APIs, shared content, and search and discovery.

~~~

Back to Top


Call Centers

GamEffective is a leading workforce performance gamification company that helps organizations engage employees to improve motivation and learning. They claim that their GamEffective platform can drive contact center performance and learning success. The software helps engage and motivate employees by setting goals and tracking their performance in real time. GamEffective provides real-time feedback as well as dynamic goal setting for employees and managers.

~~~

Back to Top

 

Get Our Free Email Newsletter

First Name(*)
Invalid Input

Last Name(*)
Invalid Input

Position(*)
Invalid Input

E-Mail(*)
Invalid Email Address