Financial Services Information Security
Critical Informatics has a proven record of protecting the customer data, financial systems, and networks of financial services organizations. Through our managed cybersecurity services and consulting, we become an extension of our customers’ teams and technologies, targeting three basic goals: data security and privacy, continuity of operations, and regulatory compliance.
Our core Managed Detection and Response (MDR) service provides both the technology and the human expertise to detect, investigate, respond, and recover from IT security threats and intrusions.
Our Information Security Consulting Services help our customers uncover, and then shore-up, cybersecurity threats, gaps, and vulnerabilities. These services provide the basis for monitoring financial information infrastructure and access to Personally Identifiable Information (PII) through a fiscally-responsible Managed Security Service (MSS) and executive IT Security communication strategy.
Sign up for our weekly Financial Services Cybersecurity Briefing to stay up to date on the Information Security news that you need to know.
Managed Detection and Response
Our Managed Detection and Response (MDR) service provides financial service organizations with accurate security monitoring and rapid incident response. We combine unique detection analytics with deep human expertise to detect, investigate, confirm, respond, and recover from a compromise and prevent it from becoming a major breach. Critical Informatics helps Banks, Credit Unions, Registered Investment Advisors (RIAs), Broker Dealers, and Insurance Companies and Agencies meet their mission, in a world of quickly-evolving threats. Purpose-built for highly-regulated networks, our MDR service is designed to facilitate rapid and accurate confirmation of compromised assets while ensuring only incidental access to PII and financial information.
Our algorithms process network event data to identify:
- Statistical anomalies
- Interaction with known malware distribution or criminal command and control sites
- Signature-based events from the intrusion detection Critical Insight Collector
- Correlation of multiple suspicious events
- Significant periodicity in signals
Our machine learning “remembers” every question asked of the data, and this is used to automate those queries that yield results.
Utilizing elastic scalability, machine learning, and advanced data indexing algorithms, we are limited only by the amount of data you can provide to us. We grow as large as we need to be, and we do not lose processing capabilities as we scale. Our machine learning approach allows Critical Insight to become continuously more powerful, accurate and faster as data is ingested and processed.
Our promise to you is to only provide actionable alerts, not false positives. Our security experts investigate each incident to confirm which are true threats. Once confirmed, the analyst prepares and communicates a customized Incident Action Plan (IAP) and interfaces with your staff in a pre-designed incident response process to quickly address the compromise. Incidents are addressed quickly so that actual damage and loss are averted or minimized. This process eliminates false positives and gives you an actionable plan for confirmed threats.
The availability of full packet capture at the collector allows our analysts to “replay” events under investigation for 100% incident confirmation and 0 false positives while ensuring only incidental access to sensitive information. Once an incident has been confirmed, we can go “back in time” and determine if any other compromises occurred prior. We can replay all that happened, often down to the mouse-click.
Contact us to learn more about integrating our MDR Service into your cybersecurity strategy.
Information Security Consulting
Financial organizations are regulated by multiple regulatory bodies and SROs. In the common interest of protecting customer and financial information, firms must comply with a broad set of security requirements. In addition to our Managed Security Services, we offer our financial service clients a full set of cybersecurity consulting services that ensure regulatory compliance. These services include:
- Information Security Assessment
- Wireless Security Assessments
- Financial Systems Penetration Testing
- PCI and GLBA Compliance Assessments
- OCC, FDIC, SEC, and FINRA Rule Compliance
Contact us to learn more about how our Financial Service Security Consulting can help protect your customer and financial data and ensure your organization remains in compliance.
“Critical Informatics served a pivotal role as the City positioned itself to receiving a successful Level 1 Report of Compliance. Critical Informatics brought a passion and professionalism to this project that was much appreciated!”
– Teri Allen, Treasury Manager, City of Seattle
Learn how to navigate the Information Security regulatory environment in Financial Services
Our financial services team is led by our CEO, Garrett Silver.
Garrett Silver, CFA, has nearly 20 years of leading teams and technologies in the financial sector. He has extensive experience protecting customer assets and has overseen the same risk-based decisions faced by Critical Informatics customers every day. Formerly the Divisional CIO of ING DIRECT ShareBuilder, and later Capital One Investing, Garrett oversaw broad technology initiatives, including information security practices, regulatory audits, and third-party management programs. Later, as Managing Vice President of Digital Products, Marketing, and Business Analysis, Garrett sat on the Investment Risk Oversight Committee, chaired the Investment Committee, and performed duties as the Divisional Data Risk Officer. Garrett now brings his technical, management, and financial experience to Critical Informatics, keeping a keen focus on the needs of our customers.
Critical Informatics has successfully completed a Type 1 SOC 2 examination, performed by an independent CPA firm. The examination report is available to current and future customers upon request. We are committed to performing ongoing Type 2 SOC 2 examinations in future years.
Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc.
All other brand names, trademarks, service marks and copyrights are the property of their respective owners.
© 2017 Critical Informatics, Inc. All Rights Reserved.