Wall Street soon will unveil its next line of defense against hackers.
A group backed by the biggest banks plans early next month to launch a platform that would allow financial firms to communicate faster about potential cyber breaches, according to remarks to be made at an Internet-security conference Tuesday.
The product — called Soltra Edge — is being rolled out on the heels of one of the largest cybersecurity scares to hit the banking industry in recent memory. Over the summer, unknown hackers accessed contact information for 76 million households and seven million small businesses that have been customers of J.P. Morgan Chase & Co., though the company said no sensitive passwords or Social Security numbers were taken.
The Soltra Edge platform is part of a broader set of tools the industry is using to try to fight hackers. J.P. Morgan Chairman and CEO James Dimon recently said the bank would double spending on cybersecurity in coming years, and Bank of America Corp. Chairman and CEO Brian Moynihan also said that his bank has doubled or tripled its own spending on the issue over the past five years.
The Soltra product also shows how banks increasingly have been sharing information that they once held close to the vest.
“Most firms realized that when they were fighting independently, the bad guys were picking them off one at a time,” said Mark Clancy, who heads Soltra, the partnership between the Financial Services Information Sharing Analysis Center and the Depository Trust & Clearing Corp., that is running Soltra Edge.
While the Soltra platform has been in the works for more than a year, the exact timing of the launch — Dec. 2 — hasn’t been reported previously. Talks initially began after a wave of distributed denial-of-service attacks launched against the U.S. financial industry in the second half of 2012.
“Everyone banded together” after those attacks, said Bill Nelson, chief executive of FS-ISAC, the financial-sector group behind Soltra. “It illustrated how effective information-sharing can be.”
Joining with DTCC, which clears and settles securities trades, FS-ISAC drew funding from 16 banks including J.P. Morgan, Citigroup Inc., U.S. Bancorp and BB&T Corp., to help lead the effort.
Soltra’s goal is essentially to shave precious time off of a bank’s response when they see worrisome Internet traffic that could come from a hacker.
A Soltra spokeswoman said the overall response time could be reduced to a few seconds from an average of seven hours when a bank analyst has to chase down threat information, such as suspicious IP addresses and forms of malware.
The increased collaboration among banks was made possible in part by the anonymity that industry organizations like FS-ISAC provide to the various banks that contribute information.
“Defending against today’s cyber threats and attacks often takes more than any one organization,” said BB&T chairman and chief executive Kelly King in a statement expected Tuesday.
Over the years, information-sharing has surged from “a trickle to a torrent,” Mr. Clancy said. Submissions to FS-ISAC about potential cyber threats have increased to 575 a month from only five a decade ago.
The amount of threat data held by FS-ISAC’s cyberthreat repository has multiplied to 12 million indicators as of Oct. 1, a fivefold increase from a year ago.
In the days following the first reports of the J.P. Morgan hack, many financial firms turned to FS-ISAC, which received 11 suspect I.P. addresses from J.P. Morgan after the breach and anonymously distributed them to the group, people familiar with the matter have said. A pilot version of Soltra was used in spreading the information, according to one of the people.
FROM THE WALL STREET JOURNAL 11/4/14
By Daniel Huang
Emily Glazer contributed to this article.
- 11 Nov, 2014
- Posted by admin
- 0 Comments