BTech 451

An Implementation of Behaviour Profiling and Threat Detection in a SIEM Platform

Through the centralised SIEM (Security Information and Event Management) platform, ASB is collecting and storing a high volume and variety of information assets – system and security logs. Given the ever-increasing sophistication of cyber-attacks, such as that seen with Carbanak, ASB is keen to explore and develop new forms of processing these assets to develop and enhance our security intelligence. This is expected to provide for informed and accurate information security decision making and investment, threat discovery and process optimisation practices. Through these practices ASB is looking to strengthen its security posture through, for example, revealing user relationships, dependencies and behaviours that can be profiled and monitored to provide early indicators of a potential advanced cyber-attack or identify that an event of concern has occurred.

ASB Bank

ASB Bank was first established in 1847, known at the time as Auckland Savings Bank, and is now owned by Commonwealth Bank of Australia. ASB provides a range of financial services such as retail, rural and business banking, as well as insurance services through its subsidiary Sovereign and investment and securities services through ASB Securities. ASB employs over 5,000 people across New Zealand and is considered a leader in technology innovation. The bank has had success by being the first to introduce innovative services and features to the people of New Zealand, including:


  • 1997 – Internet banking
  • 1998 – Open branches seven days a week
  • 1999 – Online share trading on both New Zealand and Australian markets
  • 1999 – Mobile banking via ASB Mobile
  • 2003 – Ability for customers to opt-out of paper statements
  • 2003 – Introduce 2-factor authentication for Internet Banking (NetCode)
  • 2006 – PDA and browser based banking
  • 2012 – ASB payments via Facebook (iOS, Android and Windows phone)
  • 2012 – Dedicated retail App

ASB also employs a full-time information security team as well as a full-time operational security team. In my time at ASB thus far, I have had the opportunity to work with and learn from members of these teams in order to achieve the objectives of this project.

    Resources

    Date Description
    22 April Introductory Seminar Slides
    20 July Mid-Year Seminar Slides
    8 June Mid-Year Report
    27 October Final Seminar Slides
    27 October Final Report

    Log

    Date Description
    Semester 1 Progress Log
    Semester 2 Progress Log

    People

    • Aniket Mahanti

      Academic Mentor

      University of Auckland

      Senior Lecturer

      a.mahanti@auckland.ac.nz

    • Ryan Cotterell

      Industry Mentor

      ASB Bank

      Head of Information Security

      ryan.cotterell@asb.co.nz

    • Malcolm Allen

      Industry Mentor

      ASB Bank

      Information Security Consultant

      malcolm.allen@asb.co.nz

    • Dr Sathiamoorthy Manoharan

      BTech Co-ordinator

      University of Auckland

      Senior Lecturer

      mano@auckland.ac.nz