White Paper
www.cyberbit.com | sales@cyberbit.com
The Reserve Bank of India (RBI) has provided guidelines on Information Security, Electronic Banking, Technology Risk
Management and Cyber Frauds. The guidelines are intended to facilitate proactive response to and management of cyber incidents.
1. “The Future of Bank Risk Management”, McKinsey & Company, July 2016
3 | How Can Indian Banks Comply with RBI Cybersecurity Guidelines | www.cyberbit.com
The RBI Guidelines
Overview
Following the announcement in the April 2010 Monetary Policy Statement, a working committee was constituted to shift
measures and outlook from a static approach to a much more proactive, cyber-aware one by aligning policies and
procedures with current trends. The guidelines provided by the Reserve Bank of India focus on speeding implementation of new
developments and emerging concerns in cyber security.
Several types of risk must be considered, such as operational risk, infrastructure risk, data loss or design risk
before adoption, alignment with business and regulatory requirements, methods of delivery, organizational culture, and internal
and external threats. Based on these parameters, each technology is assigned a risk level (low, medium, high or very high) in
terms of adoption and usage.
“Empowering SOC involves integrating various log types and logging options into SIEM; ticket management, workflow
and case management, big data repository for natural search, integration of various threat intel and security tools, and
customization based on risk and compliance requirements of a financial institution as per the RBI guidelines.”
Cyber Security Framework in Banks, Reserve Bank of India
The sequence of tasks performed by SOC personnel may vary per incident when implemented by humans, but a defined
workflow for an incident category will always be consistent. Hence, incident response should be automated, either partially or
fully, according to the RBI guidelines. At the same time, the cybersecurity skill shortage has fuelled the exploration of simple yet
effective tools that can be used by less experienced SOC personnel. Well-defined automation of repetitive tasks is the best way
to reduce SOC workload.
“It should be realized that managing cyber risk requires the commitment of the entire organization to create a cyber-safe
environment.”
It is also observed that if you ask SOC personnel about a threat such as SQL injection or ransomware, they may be able to
define it by name and nomenclature, but when it comes to explaining the micro actions of a threat, they lack the familiarity and
detailed knowledge necessary to respond effectively to a cyber threat or incident. This information gap helps attackers gain
enough of a time advantage to achieve their malicious goals.
Financial sectors can improve their level of preparedness and ability to defeat the adversary by using realistic simulated training
across different attack vectors. Simulation training allows SOC personnel to quickly improve both knowledge and hands-on skills
so that when things get chaotic, they are ready to respond the moment a live cyber threat gains a foothold in the environment.
At the same time, awareness and knowledge of cyber-attacks, threat vectors and the do’s and don’ts of cyber awareness
should be instilled in top management and the board, so that they are kept abreast of the nuances and gain a fair
degree of familiarity.
The Cyberbit Cybersecurity Portfolio
SOC 3D Orchestration and Automation
SOC 3D is a security orchestration, automation, and response (SOAR) platform, which enables information security
organizations to automate and orchestrate the entire incident response lifecycle, reducing time to response by 90% and
tripling the efficiency of the security operation. SOC 3D integrates all sensors, data feeds and tools in the SOC to create a
single point of control for security operations in financial institutions. SOC 3D provides advanced investigation, reporting and
customized dashboards powered by big data for forensic analysis and reporting.
Cyberbit Endpoint Detection and Response
Cyberbit Endpoint Detection and Response is a detection and response platform made for and used by critical government
infrastructure and defence organizations. Cyberbit EDR solves the most pressing security challenges of detecting unknown and
advanced threats.
Cyberbit EDR - Visualize the entire attack timeline to investigate incidents and get to their root cause within minutes
Cybersecurity for Data Center Control Systems
Financial organizations often employ ICS/SCADA control systems, which provide digital control of physical devices, for example
to control air conditioning, electricity, elevators and more. These systems have become prime targets for cyber threat actors. For
example, a cyber attacker can easily tamper with air conditioning control systems, increase the temperature in the organization’s
data center and take it out of service. Traditional IT systems struggle to protect these environments, which use unique
devices and communication protocols. Cyberbit’s SCADAShield platform helps financial organizations address this new challenge
by monitoring the control system network and detecting threats and configuration risks. SCADAShield integrates with other Cyberbit
systems to provide consolidated detection and response across all environments.
SCADAShield - real-time network visualization: device mapping, communication protocols, IT/OT touch-points, and risks
Cyberbit Range
Cyberbit Range is a training and simulation platform that increases security team efficiency and addresses the talent shortage gap
by actively training security teams in simulated attack scenarios. The training involves identifying an issue, tracking the spread of
an attack, finding footprints, and a collaborative effort of resolution and remediation. The platform is controlled through a guided
user interface, which gives the SOC instructor the ability to gauge and find pitfalls in the skills of SOC personnel undergoing training.
Achieving Compliance to the RBI Guidelines
Cyberbit understands the challenges of banks and financial organizations and has developed a unified cybersecurity platform
focused on strengthening the core aspects of a cyber resilience framework and fulfilling RBI guidelines. The following table
highlights key RBI guidelines and how Cyberbit’s products help organizations address them:
| Point | Guideline | Achieve Compliance |
|---|---|---|
| 11, 12 | A Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be a part of the overall Board approved strategy. CCMP should address the following four aspects: (i) Detection (ii) Response (iii) Recovery and (iv) Containment. Banks are expected to be well prepared to face emerging cyber-threats such as ‘zero-day’ attacks, remote access threats, and targeted attacks. | Cyberbit EDR is built to provide detection of zero day, unknown and targeted attacks and responding to these threats post detection for achieving recovery and containment. |
| 17 | It should be realized that managing cyber risk requires the commitment of the entire organization to create a cyber-safe environment. This will require a high-level of awareness among staff at all levels. Top Management and Board should also have a fair degree of awareness of the fine nuances of the threats and appropriate familiarisation may be organized. | Cyberbit Range is a training and simulation platform that trains security teams at all levels, from junior to executive, in cyber emergency scenarios, and to gain complete awareness on different threats and attacks. As a result, banks can raise awareness of an attack or threat, including at all levels of staff, executive management and the board. |

Annex 1

| Point | Guideline | Achieve Compliance |
|---|---|---|
| 2.1 | Maintain an up-to-date and preferably centralised inventory of authorised/unauthorised software(s). Consider implementing whitelisting of authorised applications /software/libraries, etc. | Whitelists can be created and maintained on Cyberbit EDR and SCADAShield, to monitor and control use of authorised or unauthorised software. |
| 13.1 | Build a robust defence against the installation, spread, and execution of malicious code at multiple points in the enterprise. | Serving as the last layer of defence, Cyberbit EDR detects installation, spread, and execution of malicious code through EDR agents installed across the organization. |
| 13.2 | Implement Anti-malware, Antivirus protection including behavioural detection systems for all categories of devices endpoint and servers. | Cyberbit EDR performs behavioural analysis and machine learning on recorded information across different layers on endpoints and servers. |
| 16.3 | Enough care is to be taken to capture audit logs pertaining to user actions in a system. Such arrangements should facilitate forensic auditing, if need be. | The audit maintains a trail of all actions for review and examination. |
| 18.1 | Periodically conduct vulnerability assessment and penetration testing exercises for all the critical systems, particularly those facing the internet. | Cyberbit Range supports replication of existing network in the virtual test bed for penetration testing exercises without compromising on uptime of the actual network during testing. |
| 23.3 | Conduct targeted awareness/training for key personnel (at executive, operations, security related administration/operation and management roles, etc.) | Cyberbit Range can be used by all members of the organization for cyber awareness training and practice responding to cyber crises. |
| 23.3 | Evaluate the awareness level periodically. | Cyberbit Range stores performance metrics for all trainings of every trainee or attendee that can be used to evaluate improvement or downgrade of skills in past and present. |
| 23.5 | Establish a mechanism for adaptive capacity building for effective Cybersecurity Management. | Cyberbit Range provides a mechanism for adaptive capacity building. The simulated platform comes with a robust library of scenarios and the ability to easily develop custom scenarios. |

Annex 2

| Point | Guideline | Achieve Compliance |
|---|---|---|
| 4 | The systems that NEED to be put in place as a part of the Cyber SoC requires the following aspects to be addressed. Methods to identify root cause of attacks, classify them into identified categories and come out with solutions to contain further attacks of similar types. | SOC 3D provides analysis dashboards to identify root causes and classifies each based on categories. SCADAShield identifies vulnerabilities and root causes in physical control networks including smart grids and air conditioning control systems and more. |
| 4 | Incident investigation, forensics and deep packet analysis need to be in place to achieve the above. | Cyberbit EDR provides incident investigation, forensics and threat hunting. SOC 3D automates and orchestrates the incident investigation and provides advanced investigation dashboards. SCADAShield provides deep packet analysis on numerous protocols to achieve rapid and accurate detection of threats and their cause. |
| 4 | Analytics with good dash board, showing the Geo-location of the IP’s | SOC 3D dashboards show geo-location information. Multiple dashboards are available, for example for mapping ATM threats and Point of Sale (POS) attacks. |
| 4 | Ability to assess threat intelligence and the proactively identify/visualize impact of threats on the bank | SOC 3D and EDR can integrate with subscribed threat intelligence as an enrichment to provide details and impacts of a threat. |
| 5 | Integration of various log types and logging options into SIEM, ticketing/workflow/case management, unstructured data/big data, reporting/dashboard, use cases/rule design | SOC 3D can ingest SIEM data and additional logs in multiple formats. |
| 5 | Technology for improving effectiveness and efficiency (tracking of metrics, analytics, scorecards, dashboards, etc.) | SOC 3D investigation platform provides multiple KPI dashboards for tracking SOC efficiency. |
ABOUT CYBERBIT Ltd.
Cyberbit provides a consolidated detection and response platform that protects an organization’s entire attack surface
across IT, OT and IoT networks. Cyberbit products have been forged in the toughest environments on the globe and
include: behavioural threat detection, incident response automation and orchestration, ICS/SCADA security, and the
world’s leading cyber range. Since the company was founded in mid-2015, Cyberbit’s products have been rapidly adopted by enterprises,
governments, academic institutions and MSSPs around the world. Cyberbit is a subsidiary of Elbit Systems (NASDAQ:
ESLT) and has offices in Israel, the US, Europe, and Asia.
sales@cyberbit.com | www.cyberbit.com
APAC Office: Temasek Avenue, Centennial Tower, #21-23, Singapore 039190. Tel: +65.6679.5771
Israel Office: 22 Zarchin St. Ra’anana, Israel 4310602. Tel: +972-9-7799800