MMBS Case Study

Citadel secure Melton network

The Melton Building Society is based in Melton Mowbray, Leicestershire. Established in 1875, the Society provides mortgage & savings products, and has over 40,000 members.

The Melton has always understood the importance of keeping its clients’ details safe and prioritises their data and cyber security both on and offline.

Rapid advancements in technology over recent years have changed the way the Melton operates. This, alongside the growth in the number of services offered to customers and internally to staff, is among the factors that have increased the size of its networks and made them much more complex.

Why Was Citadel Needed?

Mindful of the complexity of their network, the Society conducted an internal penetration test to assess how well their network security measures coped against internal attacks through their entry points. The results revealed that, while well protected, under certain circumstances a number of potential elements posed a possible security risk. The issues that were identified, although resolvable, could easily return. Instead of relying on a 24x7 programme of ‘patching’ problems as they appear, the Society decided to look at their network security from a different angle to see how they could address issues with a long-term, continuous solution.

“Citadel’s mission was to help the Melton Mowbray Building Society understand the noise in their network”

What Was Implemented?

Citadel’s job was to set up a system which worked as CCTV inside the Melton network, watching for malware and unusual events. Using a next-generation approach, a structure was implemented to monitor all activity on the network, with specific focus on potentially vulnerable points, and to manage the large amount of activity running through the whole network. Part of our task was to make sense of the activity and events occurring and present them in an easy-to-understand manner for both the IT department and other key decision makers within the building society.

Protect and Defend

Citadel worked with the team at the Melton to implement a strategy to cover all bases of both their internal and external security.

With the assistance of SonicWALL SuperMassive, Citadel configured all components in line with the strategy. Using two separate devices, Citadel configured the appliances to sit in the head office and segregate the network into ‘zones’ to control the local departments and distributed sites in finer detail.

Having two SuperMassive firewalls gave the Melton the precise view of their network that was required. From here Citadel organised the structure of the hardware to use next-generation software to defend the internal perimeter as well as the external.

Implementing specific controls on the firewalls gave the Melton improved visibility of activity within the network, covering both traffic and applications.

The controls included particular monitors that detect and protect potentially vulnerable points in the network, including servers and high-value hardware.

Host intrusion detection was added to the system to probe for any software or files not belonging within the network.

To support the detection system and network controls, a specialised management platform was integrated to provide the network administrators with a unified and secure program. The global management allows for administrative, troubleshooting and policy management adjustments across all appliances on the Melton’s network, freeing up time the IT team would usually have spent administering each device separately.

Application traffic coming through multiple firewalls

Understanding the Noise

The growing and increasingly complex network meant the Melton needed something to make sense of the huge amount of data generated by the security systems. On average, attackers can stay dormant within a corporate network for 200 days due to missed signs from security devices and, often, human error, and more complicated networks only increase the time to detection.

With thousands of events recorded per day, the data generated by the security devices would be far too much for anyone to keep track of, with the resulting potential for events to be missed. Operational intelligence was needed to accumulate the data and generate reports automatically.

With thousands of processes taking place every minute, an efficient reporting system was just as important to Melton’s network security as the new security features themselves.

Operational Intelligence

To meet these demands, Citadel came up with a selection of next-generation alerting and reporting systems specifically designed for big data. Given Melton’s sophisticated network, they specified a programme and solution which was bespoke rather than an off-the-shelf product.

The solution provided by Citadel was Splunk, a sophisticated program to analyse and inform on network generated data. The program was configured to analyse all traffic and activity on all the hardware within the Melton’s network and make sense of the events.

Summary dashboard showing hours, amount of traffic (GB), unique applications, threats blocked and users.

Having the ability to call on big data analytics was just the first purpose for Splunk. Citadel implemented an action plan for the program with an alerting system for key contacts on the Melton’s network.

The advanced plan alerts designated staff from the IT department and key decision makers at the Melton, as well as the team over at Citadel. Alerts are based on specified criteria, to determine the most appropriate group of individuals to alert.

The use of Splunk within the Melton has freed up time spent by the IT department as well as providing more accurate results. The program acts as a watchful eye over the entire network, reporting on unusual activity. By analysing the data in real time, Splunk is able to determine the scale of the risk and mitigate false-positive alerting.

List of real-time and escalated events

The Finished Product

The increase in global cyber threats over the past few years has seen the IT department at the Melton move from an IT support role to encompass much more responsibility in the form of cyber security. With an ever-growing network and workload, Citadel’s work was essentially to make the network more secure but at the same time easier to manage.

By implementing next-generation technology in the form of internal firewalls and operational intelligence, the Melton can now sleep easy knowing their machines and systems are well protected. Every attempted breach of the network will alert the IT department within minutes.