The San Francisco Police Credit Union (SFPCU) provides a wide range of financial services to first responders, including law enforcement, fire protection, emergency medical, and other personnel who protect Bay Area citizens. A non-profit financial cooperative, SFPCU operates five branch offices plus online services to serve its 32,500 members.
Business Trigger: Compliance with GLBA and NCUA
Like other credit unions, the SFPCU has to comply with Gramm-Leach-Bliley Act (GLBA) financial privacy regulations and National Credit Union Association (NCUA) guidelines, including Part 748 guidelines for safeguarding and preventing unauthorized access to member information. SFPCU internal audits identified the crucial need for a security information and event management (SIEM) system.
“In the beginning, we were looking specifically for log management systems,” explains Victor To, SFPCU Director of Network Security. “We looked at a number of solutions and then our partner, Dataway, recommended McAfee Enterprise Security Manager. The monitoring, correlation, alerting, and reporting capabilities met all of our internal auditors’ requirements.”
Solution Focus: Partners in Security Management with Dataway and McAfee
SFPCU is partnered with Dataway, a global managed services provider specializing in network security services and headquartered in San Francisco, California. Dataway implemented and manages SFPCU’s McAfee Enterprise Security Manager via Dataway’s San Francisco Network Operations Center. McAfee Enterprise Security Manager consolidates, correlates, and prioritizes approximately 1,000 security events per second generated from approximately 350 devices, spanning firewalls, routers, severs, and other network devices, which are all part of SFPCU’s network. McAfee Enterprise Security Manager calculates baseline activity for all aggregated information across SFPCU—in real time—and alerts Dataway of potential issues before they occur. At the same time, McAfee Enterprise Security manager analyzes that data for patterns that could indicate a larger threat. It also enables Dataway security professionals to refine policies for SFPCU over time as knowledge is accumulated, and as annual audits require.
McAfee is the only vendor that Dataway turns to when their customers need security management.
“We partner with McAfee because it has the best security management solutions in the market, hands down,” explains Jason Lawrence, Dataway Sr. Network Security Advisor. “The speed of the system and the fact that it was built from the ground up to make intelligent, real-time correlations sets it apart from other solutions. It has proven its worth to us and our clients.”
Dataway’s expertise also played a role in the Credit Union’s decision to go with a SIEM solution. “SFPCU, like most credit unions, just doesn’t have the manpower to oversee and continuously finetune security management at this level ourselves,” notes Mr. To. “Dataway is much more than a reseller. We consider Dataway an extension of our own security management team.”
“We looked at a number of solutions and then we discovered McAfee Enterprise Security Manager. The monitoring, correlation, alerting, and reporting capabilities met all of our internal auditors’ requirements.”Victor To,
Director of Network Security,
San Francisco Police Credit Union
Business Results: Passing Compliance Audits with Ease
Before fully implementing the SIEM solution, passing the annual GLBA and NCUA audits was a painful, time-consuming process for SFPCU, in large part because SFPCU had no easy way to monitor access to member information or alert administrators to unauthorized access. Easy-to-use customized and prebuilt dashboards and reports accessed from a single McAfee Enterprise Security Manager screen greatly facilitate SFPCU’s compliance audits as well as improve response time.
“Detailed reports, audit trails, and the ability to drill down from the dashboard help us interpret the data faster, so we can take appropriate action immediately,” explains To. “We run automated reports regularly, but we also create ad hoc reports as needed.”
For example, at an auditor’s request, a Dataway administrator can run a report showing all failed login attempts across multiple systems, or all systems that have had login attempts from multiple sources.
“We have been very pleased with our McAfee security management solution, managed by Dataway, and we expect to do even more with it in the future, such as enterprise security manager for virtual desktop infrastructure as well as endpoints,” concludes To. “It provides true, realtime situational awareness that helps us identify critical threats, respond appropriately, and comply with regulations as they evolve. Our organization supports first responders. McAfee and Dataway are our security first responders.”
San Francisco-based credit union for the Bay Area’s First Responders.
Approximately 350 network devices across five branch offices, managed by service provider Dataway.
Dataway, San Francisco, CA