FFIEC

The Federal Financial Institutions Examination Council (FFIEC) requires that financial institutions implement an ongoing security process and institute appropriate governance for the security function, assigning clear and appropriate roles and responsibilities to the board of directors, management, and employees.

Financial institutions must maintain an ongoing information security risk assessment program that effectively:

  • Gathers data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements
  • Analyzes the probability and impact associated with the known threats and vulnerabilities to their assets
  • Prioritizes the risks present due to threats and vulnerabilities to determine the appropriate level of training, controls, and assurance necessary for effective mitigation

A strategy should be developed that defines control objectives & establishes an implementation plan. Security strategies should include:

  • Appropriate consideration of prevention, detection, and response mechanisms
  • Implementation of the least permissions and least privileges concepts
  • Layered controls that establish multiple control points between threats and organization assets
  • Policies that guide officers and employees in implementing the security program

AS YOU STRIVE TO ACHIEVE, EXCEED AND MAINTAIN FFIEC GUIDELINES, YOU’RE LIKELY CONSIDERING THE FOLLOWING SOLUTIONS:

Managed Detection & Response

Managed Detection & Response

Our security operations analysts monitor, investigate, and disrupt advanced threats in real time inside the perimeter – across your DNS and Active Directory servers, security devices, endpoints, and email servers.

Vulnerability Management

Vulnerability Management

We use the latest threat-led intelligence, best practices, and leading technologies to scan, detect, and remediate vulnerabilities in your environment – before they can be exploited.

Managed Endpoint Detection & Response

Managed Endpoint Detection & Response

More endpoints mean more threats. Our Managed EDR delivers visibility supported by machine learning and automation to prevent, detect, and remediate known and unknown threats at your endpoints.

Email Protection Services

Email Protection Services

Defend critical business communications against today’s sophisticated payloads and social engineering attacks with our integrated suite of services.

Security Device Management

Security Device Management

Our leading-edge Security Device Management delivers critical functionality to strengthen the defense of users and digital assets in a modern, perimeterless world.

2B MANAGED EDR – WE’VE GOT YOU COVERED

  • Unified Prevention, Detection, and Response

    A single, purpose-built endpoint agent is powered by machine learning and automation.

  • Protection Across Major Attack Vectors

    Our SOC teams detect and respond to attacks across all major vectors, rapidly eliminating threats with fully automated, policy-driven response and rollback capabilities.

  • Broad Visibility in Real Time

    We have complete visibility into your endpoint security environment with full-context and real-time forensics.

  • OS Support

    Our Managed EDR supports Windows, Mac OS, and most Linux platforms with on endpoint agents operating at machine speed.

  • Context

    Manual effort is reduced by automatically stringing together related EDR incidents to create an attack storyline.

MEET YOUR OBLIGATIONS

Discover how 2B can help you meet and maintain your FFIEC Guidelines