LogRhythm helps to mature security operations of Central Banks in Asia Pacific

Central banks play an important role in facilitating economic and financial stability in their respective countries. Broadly speaking, they do this by establishing monetary policy to achieve low and stable inflation, developing the financial system infrastructure, and regulating the financial sector.

In today’s digital-first economy, many central banks have taken the lead in accelerating digital transformation for the banking and financial sector — and for good reason. A robust digital banking ecosystem ensures that customers benefit from a seamless, convenient, and safe banking experience at their fingertips, while banks optimise their processes and workflows to save costs and maintain compliance.

Digital banking has its fair share of risks in the form of cyber vulnerabilities for banks and financial institutions. As such, central banks today have the added responsibility of safeguarding the security of the financial ecosystem, on top of their original mandate.

The Challenge

Financial sectors are more vulnerable than ever. Criminals flock to where the money is. Financial sectors are thus prime targets for cyberattacks, given their access to sensitive data and capital. In fact, a study by Boston Consulting Group revealed that financial institutions are 300 times as likely to be a target of a cyberattack as other sectors.

With the proliferation of online banking and other digital financial services, banks and financial institutions today have to contend with a threat surface area that continues to expand, as they add more digital touchpoints, and onboard more third-party vendors to fulfill their digital banking needs. This leaves them more vulnerable to exploitation from opportunistic cybercriminals. Already, banks and financial institutions — especially those handling high volumes of digital financial transactions — are reporting more incidents of cyberattacks and data breaches.

For example, the Reserve Bank of New Zealand saw its data systems — a third-party file sharing service used to share and store sensitive information — breached illegally earlier in 2021. Likewise, in 2018, the Bank of Thailand reported that computer systems of its two major banks were hacked, with corporate and personal banking information of over 120,000 customers leaked.

Such cyberattacks may result in devastating consequences, involving financial loss, service disruption, and reputational harm. Worse still, cybercriminals can access the wider financial ecosystem through a breach in one institution, leading to widespread damage. This is why, now more than ever, building cyber resilience for the financial ecosystem should be a priority for central banks.

The Solution

How LogRhythm plays a role

To deliver on the promise of a secure financial system, central banks today need to conduct risk assessment and risk management for the banks and financial institutions within the country. This involves assessing vulnerabilities, risks, and threats, as well as setting standards and providing guidance for these entities.

LogRhythm helps to collect, manage, and analyse log data generated across devices, systems, and applications. The data collected is mapped to the relevant guidelines and controls set by the central bank, reducing the effort individual organisations need to set up and correlate multiple, identical alarms across frameworks. With LogRhythm, organisations can comply with any requirements more efficiently and effectively.

Strong track record of partnerships with central banks

LogRhythm has partnered with several central banks in Asia Pacific to mature their security operations, and ensure the security of their broader financial ecosystem.

Case 1 – Central Bank #1 in SEA

A central bank in Southeast Asia established a risk management policy, which sets guidelines for risk frameworks, governance structures, policies, and procedures, to ensure that financial institutions in the country can properly manage their cyber-risk exposure.

LogRhythm helped the central bank to map its controls to the bank’s risk management policy requirements, allowing the central bank to easily comply with established regulations within a short time frame. Since deploying LogRhythm SIEM, the central bank was able to shorten its threat investigation process significantly, reducing its mean time to detect (MTTD) and mean time to respond (MTTR) from weeks to mere hours.

In doing so, LogRhythm replicated such efforts for other financial institutions in the country which needed to do the same, without any additional downtime and complexity to the compliance process.

Case 2 – Central Bank in wider APAC

In another case, a central bank in Asia Pacific was establishing a security operations centre (SOC) and needed user-friendly tools to help its team get started. It chose LogRhythm as its solution provider because LogRhythm provided both security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solutions within the same platform, allowing analysts to have a closed loop when handling incident management.

Leveraging LogRhythm, analysts achieved full visibility over their IT landscape via a live, user-friendly dashboard, allowing them to detect suspicious activity on the network and manage any security incidents that arise quickly.

In addition, LogRhythm also worked with the bank’s risk management unit, which implemented a risk management policy to identify, assess, monitor, and report potential operational risks relating to cybersecurity and threat management. In this case, LogRhythm helped assign controls to the central bank’s regulatory compliance framework, streamlining the compliance process.

Case 3 – Central Bank #2 in SEA

Another central bank in Southeast Asia needed an all-in-one platform that deploys SIEM, advanced user and entity behaviour analytics (UEBA), network monitoring, and security orchestration, automation, and response (SOAR) solutions altogether. They turned to LogRhythm, and combined all functions into a single pane-of-glass view for full visibility over the entire network.

By leveraging a single platform, the team easily:

  • Collects and manages log data with the SIEM function
  • Manages security incidents with the SOAR function
  • Monitors for any packet capture and collects network traffic and data that passes through their network via the network monitoring function
  • Analyses abnormal user behaviour, and uses peer group analysis to understand anomalous user behaviour among peers to prevent insider threat via the advanced UEBA function

On top of that, LogRhythm worked closely with the central bank to map log data to individual controls of each risk management regulation, under its regulatory compliance framework. This simplified the regulatory compliance and reporting process greatly, allowing the central bank to instead focus its attention and resources on scaling its digital solutions and services to meet customers' banking needs.

Taking security to the next level

The digital opportunity is ripe for the banking and financial sector. As we move forward, LogRhythm is committed to partnering with central banks in Asia Pacific and their markets to mature their security operations, and transition from compliance readiness to true security, risk-based organisations. 

The long-term goal is for all organisations to put in place formal monitoring and response processes, implement targeted automation of investigation and mitigation workflow, in addition to having consistent security operations practices.

Ultimately, central banks have the unique opportunity to lead their markets to transition to this new digital future, and it is crucial that they make the shift in a way that enforces trust and security.


About LogRhythm

LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency.

With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at logrhythm.com.
