Mandating Robust Attack Detection, Response, and Recovery

The cybersecurity guidelines issued by the Reserve Bank of India (RBI) in 2016 serve as a stark reminder of the need for robust cyber threat detection and response. Although the RBI released extensive IT security guidelines in 2011, it felt compelled to update its guidance with the “Cyber Security Framework in Banks” (CSF) five years later, because the original advisory didn’t sufficiently address the need for post-breach capabilities. Since we at Acalvio are all about “post-breach”, it’s great to see the central bank for such a large country take a leadership role in mandating effective response capabilities.

Let’s look at the Cyber Security Framework at a high level. The core goal of the CSF is to compel banks to establish adequate capabilities to reliably detect, respond to, and contain threats that have penetrated their defenses. This is clear from the three main sections (annexes) of the CSF:

  1. Baseline security controls, including
    • Real time monitoring
    • Anomalous behavior detection
    • Core controls: configuration management, patching, access control etc.
  2. Establishing a Cyber Security Operation Centre
    • It is important to note that the SOC guidelines specifically call out the use of honeypot services. This is one of the very few specifications of a particular technology by the framework, which speaks to the clear value of honeypot solutions in detecting and responding to advanced threats.
  3. Establishing an Incident Response plan and supporting program
    • The IR plan includes a Cyber Crisis Management Plan (CCMP) which should address incident Detection, Response, Recovery and Containment.
    • Incident Notification: Banks must promptly notify the RBI of all “unusual” cyber-security incidents whether successful or not. The notification can take no more than 6 hours, which means that detection and analysis much take place extremely quickly.
“The systems that NEED to be put in place as a part of the Cyber SoC requires the following aspects to be addressed….Counter response and Honeypot services”
Cyber Security Framework in Banks, RBI, 2016

Acalvio Support for RBI Cyber Security Guidelines

Acalvio’s ShadowPlex solution effectively supports the goals of the Reserve Bank of India Cyber Security Guidelines. Acalvio delivers

  • Fast and accurate event detection, including advanced honeypot services
  • Adversary engagement and forensics
  • Threat response to retard attack propagation

We have carefully reviewed the requirements of the Guidelines, our whitepaper enumerates Acalvio’s support for the RBI CSF controls with extensive detail for each control. It must also be noted that what separates Acalvio from all other detection solutions is operational efficiency at scale. Banks do not have unlimited budgets for implementing cyber security, and the more efficiently they can deploy funds, the more effectively they can build a robust defensive architecture.

Take a look at the whitepaper for the details, or go to the original document from the Reserve Bank of India for the broader picture.