Cybersecurity in Banking:
Managed Cybersecurity Detection

Banks rely on onShore Security to protect their networks and to provide other cybersecurity services by taking advantage of Panoptic Cyberdefense®: our comprehensive suite of managed security services.

Depending on the extent of your cybersecurity needs, you can choose the right level of Panoptic Cyberdefense for your bank.

Banking compliance officers will especially appreciate the new addition of continuous Compliance Violation Detection as part of Panoptic Cyberdefense, which provides 24/7 vigilance instead of just a once-a-year vulnerability scan.

Security Is a Process, Not a Product

If software and hardware could prevent every security threat, there would be no intrusions, hacking, malware, or ransomware – yet there is news about new attacks almost daily. Why?

Security is a process, not a product. The most effective cybersecurity operations require 24/7 monitoring with a Security Operations Center (SOC), separation of true security threats and information from the benign, and immediate response. That’s why onShore has developed the Panoptic Cyberdefense suite of managed security services, now available for banks at three levels.

Built Upon a Long History

Built in 2004 by some of the most experienced cybersecurity professionals in the industry (protecting public ISP networks since 2000), Panoptic Cyberdefense maximizes visibility throughout your network, providing you with the strongest possible system of defense.

Panoptic Cyberdefense is built on the powerful big data solution, ELK Stack (Elasticsearch, Logstash, Kibana). ELK Stack’s flexible data analysis toolset provides onShore security analysts with sophisticated visualization for faster, more efficient threat identification. It’s a more targeted approach that allows onShore to pass on the efficiency to onShore clients in the form of lower costs.

And because it’s part of the security incident and event management (SIEM) system onShore built, there are no costly SIEM licensing fees—scaling down the costs without scaling down the security.

Continuous Compliance Violation Detection

Panoptic Cyberdefense alerts you if anyone on your network violates your cybersecurity policy. Traditionally, compliance violation identification is limited to a CVE scan (offered separately by onShore) performed as part of a cybersecurity policy or compliance requirement. Panoptic Cyberdefense continuously monitors for both compliance violations and failed login attempts, meeting the stricter criteria of new compliance standards with reporting that satisfies the needs of both auditors and executives.

How Panoptic Cyberdefense Works for Banks

onShore cybersecurity experts first get to know your network—inside, at the perimeter, and in the cloud—to establish baselines and thresholds and be ready for response. Next, onShore proposes the right level of Cyberdefense for your organization.

Level 1: Managed Detection & Response (MDR)

True threats (high-value alerts) need to be separated from your network’s high volume of benign traffic, and require immediate attention. Outsourced MDR is onShore’s entry-level service that offers this peace of mind without the cost or hassle of operating a Security Incident & Event Manager (SIEM). Pricing starts at $995/mo.

Level 2: MDR + Network Detection and Response

When you need something in addition to alerts and reporting, onShore offers the addition of NDR along with a dedicated cybersecurity expert who proactively hunts for early signs of threats and quickly takes aggressive action to mitigate them.

onShore Security's MDR+NDR service is the most advanced form of detection service available today, operated by one of the most experienced cybersecurity teams in the country. Your dedicated onShore MDR cybersecurity expert gets to know the entirety of your network, monitors the edge, lateral network movement, and everything in between – whether you're on the onShore platform, which was built to satisfy the security needs of banks, or your own platform.

Level 3: Security Orchestration

Getting a complete picture of your cybersecurity posture requires Security Orchestration, an enhancement to Panoptic Cyberdefense Levels 1 and 2, with the addition of the highest-level security operations center (SOC) services.

Security Orchestration gets you the highest level of security by organizing multiple systems and informing cybersecurity policy and larger business concerns.

Cybersecurity Starts with Leadership

The effectiveness of each Panoptic Cyberdefense level starts with Cybersecurity Leadership, which is why onShore Security also offers a suite of cybersecurity audits, creation of governance, risk and compliance (GRC) policies, and outsourced CISO services.

The most basic cybersecurity audit is the onShore Security Maturity Assessment, which is available free, for a limited time, to banks with 50 or more employees.

  • Features:

  • Flat-fee Monthly Pricing
    No event-based or storage-based pricing. No reason to hold back on full log ingestion.
  • SOC2 Type II Audited
    All of our systems, data center, and processes (service and internal) go through annual controls audits by a 3rd party. Our SOC2 report is made available under NDA.
  • Panoptic SIEM®, ELK Stack-Based, license-free
    The Panoptic ELK Stack-based SIEM is our advanced, purpose-built SIEM for analyzing and reporting security data.
  • Panoptic Sensor® IDS, license-free
    Always deployed in HA pairs, bare-iron or VM, the onShore Security Panoptic Sensor® is one of the most advanced IDS network sensors in the industry, with direct-driver memory access for real-time processing. Basic version excludes full packet capture.
  • 24/7 Threat-Level Alerting Everywhere
    Detect on-premises, in the cloud, on virtual workloads, even in SaaS applications.
  • Threat, Anomaly, and Compliance Detection
    Detection isn't just monitoring for automated alerts.
  • Log and Event Correlation
    Correlation rules are built across disparate data.
  • Analyze Any Log, End-point Protection, SNMP, or API Data
    We can customize parsers for almost any log or output source.
  • Network-level Ingestion and Correlation
    SNMP, device health, port changes, traffic metrics, and netflow data help with anomaly detection.
  • CVE Scan Ingestion and Correlation
    CVE scan correlation allows for risk-aligned detection.
  • 12-Month SIEM, Log, and Incident Off-Site Retention
    All log, session, alert, and ticket data are retained off-site for 12 months by default.
  • Proprietary Signature Updates
    Our own 15-year signature set is updated continuously.
  • Banking Signature Updates
    We maintain banking-specific signature sets.
  • Community Signature Updates
    We collaborate with the cybersecurity community.
  • SIEM Reports
    SIEM reports aggregate the alerts and correlated security data and deliver them to you in an easily understood and communicated format.
  • Firewall Report
    We provide reporting for blocked and filtered content, threat detection, geo-activity, and bandwidth graphing.
  • Panoptic Sensor® Full Packet Capture IDS
    Up to 2 days of lookback session data. Sensors always come in HA pairs and are connected to switch span ports.
  • Multiple 40G Ports
    Multiple network segments can connect to a single sensor HA pair. Packet aggregators can be used in larger networks where span ports can be overwhelmed.
  • Ingress, Egress, Lateral, and Virtual Network Segments
    No traffic is missed, so APTs are thwarted early in the kill chain.
  • Network Anti-malware
    Malware detection at the network level provides valuable security data and adds an additional layer to endpoint detection.
  • Network Behavior Analysis
    Deeper knowledge provides useful insights and reduces false positives.
  • Host Profiling
    Hosts are tracked and mapped against DHCP for historical profiling. Producer/consumer ratios and micro-segmentation triggers are tracked for anomaly and exfiltration detection.
  • DNS Sinkholing and Orchestration
    Integration with NexGen firewalls allows blacklisted traffic to be analyzed.
  • Shared-key Decryption
    Hosts with ingress traffic can share keys for full passive HTTPS decryption and detection.
  • Primary Security Analyst
    Your analyst knows you and your network.
  • Proactive Threat Hunting
    Security engineers mine your network data, investigating anomalies.
  • Incident Response
    We take defensive action 24 hours a day.
  • Inform Security Policy
    Detection checks for compliance to close the loop on policy development.
  • 12-Month SIEM, Log, Incident, and Tagged PCAP Off-Site Retention
    All log, session, alert, tagged full packet, and ticket data are retained off-site for an upgraded 12 months.
  • Security Orchestration
    We provide assistance in bringing together all cybersecurity efforts.
  • Monthly Security Briefing
    This briefing provides an understanding of the activity and its relevance.
  • Threat Landscape Reporting
    Industry and individual threats are curated and reported on in our briefings.
  • Credential Exposure Reporting
    Dark web scans are performed for credential exposure and reported on in our briefings.
  • Board Reporting and Presentation
    Directors and upper management gain confidence in cybersecurity posture.
  • Reporting to IT Committee
    Additional reporting and analysis as needed.

  • MDR
    onShore’s Panoptic MDR cybersecurity service includes alerting, analysis, and response for detected events without the cost or hassle of operating your own SIEM or SOC.

  • MDR + NDR
    onShore’s Panoptic MDR + NDR cybersecurity service includes alerting, analysis, and response for detected events and adds full packet capture IDS, advanced sensor functions, and a dedicated Security Analyst.

  • Security Orchestration
    onShore Security's Security Orchestration adds a monthly security briefing and report with high-level summary data on events and activity as well as on the threat landscape.