Alvin Mills
VP of Information, Technology & Security

Taking TB-ISAO to the next level

Texas Bankers Information Sharing and Analysis Organization adds IACInet member benefit

“The value and benefits our members receive from [the IACInet] partnership are truly remarkable.”

What a wonderful journey it’s been for me since I started with TBA back in early 2019. It’s not often we get to build our “field of dreams,” but I suppose I was in the right place at the time. I was fortunate to meet a handful of community bankers early on who pointed me in the right direction. It also helped that I had previously served as CISO for a large wholesale lending bank and spent 30 years of my career in cybersecurity. I knew early on the challenges my peers in cyber and IT were facing, and was determined to help in any way possible.

Challenge: Threat intelligence

One of the earliest challenges was getting the right threat intelligence to our community bankers in a timely and effective manner so they could take action on that intelligence. That may sound a little cliché, and it is. TBA’s CEO, Chris Furlow, had really set the wheels in motion by signing an agreement with TruStar before I was hired. Back then, TruStar was “it” when it came to threat intelligence. Furlow and I looked at it and asked, “Now that we have it, how do we get it into the hands of our bankers?”

We had several conversations with some large, global information sharing organizations that wanted to expand their membership at the time, but we wanted to build something exclusive for our community banks in Texas. We also agreed that there shouldn’t be additional costs for community banks to use TruStar. Since then, Splunk purchased TruStar and we continue to utilize their community portal at no additional cost to our banking community. We currently have 291 users and 110 banks participating in Splunk/TruStar. Simply put, it’s a threat intelligence portal that allows our banks to get all the intel they need to take action, such as blocking indicators of compromise.

Challenge: Communication and collaboration

Another big challenge was giving the banks a way to communicate and collaborate within the Texas banking community outside of emails on cybersecurity topics and other information. It really wasn’t an issue getting the information, but it was the volume and the tsunami of emails coming from all over the place. One time I counted that I was getting information from 19 different sources — and a lot of it was duplication. So, we set up a Slack group that has grown to over 380 community bankers engaged daily in sharing information on cybersecurity, technology fraud and service providers. It has grown so much in popularity that other teams at TBA are using Slack as a way to communicate with bankers in other areas outside of cybersecurity and IT.

We have a very close-knit group of bankers facing the same cyber threats and risks, and it’s very evident through our peer-to-peer collaboration portal (Slack) that they all want to help each other address these risks.

Putting it all together: IACInet

Another key component that we added is IACInet (malware information sharing platform). This launched our ISAO to the next level. The value and benefits our members receive from this partnership are truly remarkable. It is another great example of how all these technology and information-sharing platforms work together to address risks occurring at our community banks.

Many banks reported a particular phishing scam that appeared to spoof bank email addresses. That information was reported into our Slack channel, which was then reported into our Splunk/TruStar platform and then submitted to IACInet for deep analysis. Within hours, our community banks had information that they could then act on to prevent the security event from occurring in their own environments.

Utilizing IACInet, our community banks get:

  • Global security threat intel and defensive measures information sharing Actionable Intelligence “engine.”
  • Daily security situational awareness advisories, alerts and reports, vulnerability reports, cognitive security advisories and cyber legislation, law and regulatory compliance advisories and reports.
  • Daily Intelligence Metrics Report — Files processed, hacking alerts processed, potential stolen credit cards observed, credential pairs observed, dark websites observed, encrypted file transfers observed and paste malware files observed.
  • Email Domain Monitoring Report — Email domain monitoring for IACI collaborative partners.
  • High-Confidence Dynamic Malicious IP Blocklists (Adversaries Malicious Activities) — 24/7 access generated by IACI sensors, IACI collaborative partners (member shares), OSINT and CSINT intelligence collection: current active IPs, inactive IPs, IPs by geo-type/country, research organizations, Amazon and Google (malware IP scans), top active offenders (> 500 attempts) and daily metrics report.
  • Credential Pair and Keyword Monitoring — Monitoring thousands of open-source (OSINT) and closed-source (CSINT) sources.
  • Proactive ransomware detection and monitoring service.
  • Proactive Intelligence Cyber Defense Automated Service — Creates blocklists to help defend against many of the most prevalent types of ransomware.
  • Fraud Detection and Monitoring — IACI infiltration of fraud communities (identify and alert). Primarily used by IACI financial services collaborative partners.
  • Utilized IACI Analyst Ability to Infiltrate Fraud Communities — Watch fraud actors trade credit card details as well as other information that helps facilitate fraud markets. Using a BIN or hashed value of a credit card, the IACI fraud system alerts immediately if seen and provides contextual information about the fraud actor such as how much fraud was observed, potential card loss, etc.
  • 24/7 accessible web-based tools — Email domain monitoring report, pastebin mirror, BIN/IIN search, hash value checker, IP blacklist checker, hostname to IP address, IP address to hostname, MEGA.NZ identification and metadata tool.
  • Security Resilience Library/Repository — Single point-of-access to intel, best practices, white papers and project documentation.
  • Cyber Exercises — Participation opportunities and support (design, development and facilitation).
  • IACI Intel Investigative Analysts — Threat hunting/monitoring, analysis of dark web sources and suspected bad actors, analysis of member-provided suspected malicious IP addresses and potentially malicious emails, malware code, log files, script development (connectivity to, and enrichment of, shared information data with IACI’s resources and data sets).
  • Discounted Security Services — From IACI strategic partner members.

It’s hard to believe sometimes how this has all worked out and we continue to onboard banks all the time. If your community bank would like to receive more information on our cybersecurity services, please don’t hesitate to reach out to me at [email protected] and feel free to visit our ISAO at texasbankers.com/tbisao.
