By Bob Michaud
Over the past few weeks, we’ve been discussing multi-layered security and how it helps protect your brand and your account holders from fraud. Today, I want to discuss how Q2 protects your brand with our Integrated Operations Center.
You’ve all seen the WeatherTech Pit Crew Commercials where the ninja warriors are protecting your car or truck from the outside elements. The one commercial I remember the most is the Dad fishing on the dock with his son. They are having a great time and are only worried about catching fish on a beautiful day. The WeatherTech commercial ends with “whether you’re spending a day on the dock fishing, or off on another adventure, we want to keep your truck protected. At WeatherTech, we have everything you need to keep your truck looking like new all year long!”
At Q2, we have our own Pit Crew. Our data center is on high alert at all time. After all, we can’t afford to have our system not working. To ensure everything is safe and secure, we have an Integrated Operations Center (IOC) Pit Crew on duty 24 X 7 watch over your environment. They are the ninja warriors protecting your data from outside elements 365 days a year.
In my first blog, we discussed a new type of attack called Credential Stuffing. Our IOC team are on the front lines stopping the credential stuffing attacks using tools such as Web Application Firewalls, Threat Intelligence Feeds, and Vulnerability Scans. They have an arsenal of partners and tools to help them in the war against hackers.
Carmela Pinzone heads this elite group of warriors. I asked Carmela how her team is working to protect your data:
Our goal is to prevent malicious attacks and fraudulent activity before it happens. In the event the IOC detects suspicious behavior in line with a possible attack, they will apply elevated policies and rulesets to the customer’s OLB (Online Banking) environment. These policies may include source geo-location blacklists based on observed traffic patterns and/or rate-limiting policies in the Web Application Firewall (WAF).
The customer will receive notification of a potential attack and periodic updates. Once the attack has subsided, a final notification will be sent that will contain information about the attack traffic and the transactions that took place during the attack period. This data is useful for the customer to determine whether fraudulent activity occurred. We also include a copy of the IC3 complaint that is filed with the FBI.
These are just a few of the ways we protect an FI, but Q2 has a lot of other monitoring and security processes in place, each contributing to ensure we’re operating in a safe environment. We take security very seriously, doing everything in our power to ensure our clients aren’t exposed to risk through our data centers.
This concludes my series of blogs about just some of the ways that Q2 protects your brand and your assets with a multi-layered approach to security by developing your applications with a security-first approach. I hope you’ve enjoyed reading my thoughts—and have learned a little something as well.
Thank you for reading and Happy Cyber Security Month.