USM platform includes fi ve essential security capabilities, including asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring and security information and event management, and is powered by threat intelligence from AlienVault Labs and its Open Th reat Exchange. OTX is an open-threat intelligence community that allows Ephrata National Bank’s IT security team to collaborate with and act on threat intelligence shared by members of the community. As a result, the bank is able to remain vigilant against known forms of malware, and can eff ectively detect, analyze and re-spond to threats in their environment. “AlienVault USM has so much functionality built in with re-ports and alerts that are ready to use,” says Information Security Offi cer Tim Doty. “Other SIEM devices require a dedicated person to run them, but it takes only a couple of hours a week to monitor my network with AlienVault. It’s just so much more useful out of the box.” After understanding what threat phishing emails were, Doty developed a training program for bank employees that sent out mock phishing emails to help them spot phishing attacks. At fi rst, he was able to trick approximately 25 percent of his own employees into turning over their user credentials; however, now that they know what to look for, that percentage has dropped to zero. Additionally, to fend off malvertising, Doty blocks all ad-vertising on employee computers, and if one ever gets infected, he wipes the entire machine. Another regional bank facing similar challenges is Community State Bank in Lamar, Colo. Th is bank protects its systems with an IT security team of just two people. As a frequent target of phishing emails to bank employees, the Community State Bank has found that uninformed employees are the biggest threat to its security. In order to properly monitor and defend its networks, and to aid in its compliance eff orts, the bank turned to AlienVault for its security informa-tion and event management solution. With AlienVault, the team of two at Community State Bank is able to correlate security events, analyze threats, detect in-truders, test for vulnerabilities on its web and mobile sites and much more. Furthermore, the bank’s Information Technology and Security Offi cer Kirk Crespin conducts quarterly trainings for employees on diff erent aspects of security to keep them aware of the latest threats. In addition to helping banks achieve FDIC and FFIEC com-pliance, AlienVault USM provides hundreds of built-in com-pliance reports for managing PCI-DSS, ISO, SOX, HIPAA, GLBA, NERC CIP and GPG13 programs. Th ese reports are automatically updated as asset and vulnerability assessment data changes, allowing small banks to quickly customize them based on their own compliance priorities. Due to the tremendous opportunity for theft, malicious hackers will continue to target members of the fi nancial services industry. All banks, regardless of size, are poten-tial targets. But because large banks may have the security infrastructure to fend off these hackers, smaller banks, often with limited staff and resources, are more entic-ing targets. Consequently, regional banks must consider adding aff ordable, integrated security tools that can make their teams more eff ective and help them better defend their organizations from today’s advanced cyberattacks. Jake Mosher is senior product marketing manager at AlienVault. For more information, visit www.alienvault.com. COMPLIANCE MATTERS: REGULATORY HIGHLIGHTS FOR THE BOARD BY KRIS STEWART S erving on the board of directors for a fi nancial institu-tion can be a rewarding responsibility. Today, with the speed of change in technology and the ever-increasing regulatory requirements, a director’s role in oversight and governance as a member of the board has never been more critical. When board members and executive leadership fail in their governance function, it can have far-reaching conse-quences for the institution. Staying informed about the in-dustry is critical. Board members, motivated to fulfi ll these demanding responsibilities, must stay abreast of the evolving regulatory requirements. NEXT MONTH: Make Your Website Work Strategic Planning Regulators examine a fi nancial institution’s compliance man-agement system to help ensure that the organization is operat-ing safely and compliantly. Board member training is a critical element of a well-run compliance management system. Th e Consumer Financial Protection Bureau makes this point in the “CFPB Supervision and Examination Manual”: Education of an entity’s board of directors, management, and staff is essential to maintaining an eff ective compliance pro-gram. Board members should receive suffi cient information to enable them to understand the entity’s responsibilities and the commensurate resource requirements. A fi nancial institution’s compliance offi cer will design the institutional-specifi c training for the board; given the pace of change in the industry, directors should be proactive in seeking an understanding of the changes coming. Here’s a preview of a few of the regulatory activities that directors should be aware of as they help chart the course for their institutions: CFPB’s rulemaking agenda and “Supervisory Highlights” : Directors should be knowledgeable of the CFPB’s rule-making agenda, which the agency publishes twice a year.