The Challenge
- Ensure valuable and confidential customer data is protected
- Help the lean corporate security team uphold security best practices
- Meet all regulatory and compliance requirements
The Solution
- Proofpoint Insider Threat Management
The Results
- Empowers the team to monitor activities in real time and verify risky behaviors before they happen
- Streamlines and automates investigations, enabling faster incident response
- Meets compliance requirements with secure data practices, detailed audit trails, and breach notifications
- Protects against insider threats for both the company and its customers
Its more than 300 employees include lawyers, accountants, fiduciaries, corporate administration and more. The company serves a broad base of private bankers, investment managers and financial advisors.
Given the nature of the services provided by Portcullis, it receives confidential and sensitive information about its clients and/or their businesses. This increases the company’s risk of insider threats.
The Challenge
With the increasing sophistication of cyber crime, the Portcullis team knew that it was critical to strengthen their cybersecurity program. They needed measures that both protected clients’ valuable data and tackled insider threats. To address this, the Portcullis Group of companies established Oyster Security, Pte Ltd. This new subsidiary provided cybersecurity governance and technology risk management services across the board.
Valuable data at risk
Portcullis has a large and broad client base. The company serves successful entrepreneurs, aspiring start-ups, private bankers, investment managers and financial advisors, as well as family offices. With so much valuable and confidential client data stored digitally, Portcullis needed to ensure that all of its clients were protected from risk at all times. These risks included targeted cyber attacks, and malicious or accidental compromise by employees or third parties.
A lean organization
Oyster Security is a small, ten-person IT department, but it’s tasked with a wide variety of responsibilities. The group handles technology implementation and management, data security, and compliance and corporate governance. And with such a varied and growing client base, the team must also uphold data security best practices.
Compliance requirements
Regulation and compliance are a key requirement in the financial services industry. This requires the company to client data confidentiality. And this needs to be done through secure data practices, detailed audit trails and breach notifications. What’s more, adhering to these mandatory regulations and data protection rules can be difficult to follow. Especially without robust tools to detect the earliest indicators of an insider threat.
Vincent Ang, director of IT and security, Oyster Security Pte Ltd.
The Solution
Safeguard valuable data
Proofpoint Insider Threat Management provides comprehensive visibility into user and data activities. This enables the IT team at Oyster Security to detect and prevent attacks that could otherwise put its client data in jeopardy. The team can also monitor risky user activity across privileged and highly technical users. This includes third parties that can open the organization up to potential vulnerabilities. With Insider Threat Management, the team can monitor third-party vendors and contractors with system access to:
- Detect high-risk users attempting to exfiltrate data
- Investigate with context and enable faster incident response
- Use activity replay as a deterrence and prevention tool
Run a lean and highly automated security operation
With the powerful Proofpoint platform, the IT team can monitor activities in real-time and verify any risky behaviors before they happen. It also gives them visibility across cross-functional teams. And overall, it allows the IT team to deliver a reliable and effective cybersecurity program.
Easily meet compliance and governance
With Proofpoint, regulators and senior management can get the assurance they need that Portcullis is meeting a range of compliance and governance regulations. Now they can successfully preserve data confidentiality and implement protective measures. They easily produce audit trails. And they have all the tools they need to manage insider threats.
The Results
The big win for Portcullis is the ability to detect insider threats that would otherwise go unnoticed. Insider Threat Management empowers the team to rapidly investigate and respond. This means incidents can be stopped in the earliest stages.
Oyster Security gains a powerful, easy-to-configure platform. It has a lightweight, intuitive user-mode agent. It also provides comprehensive alert rules with playback. These features allow them to streamline their incident investigations.
“We chose Proofpoint because it is easy to configure and intuitive to use,” said Vincent Ang, director of IT and security, Oyster Security. “What’s more, the comprehensive alert rules with playback enable us to stream and complete our incident investigations faster.”
With Proofpoint, Portcullis and Oyster Security can be confident in their ability to identify and prevent insider threats. They can now streamline investigations and maintain compliance and governance regulations. And they can serve as a trusted advisor, protecting both their business and those of their valued clients.