Modern financial organizations are commonly hosted in skyscrapers or large commercial buildings. These buildings comprise multiple physical and technological systems (e.g., lighting, heating and air conditioning, access control, elevators, CCTV systems, access control with revolving doors, scanners, video cameras, and sensors for infrared, temperature, CO, smoke, etc.), as well as many cyber assets such as dense networks for telephone and data communication. Cyber and physical assets are deployed in complex configurations and are difficult to secure both physically and logically. By means of the FINSEC platform we have managed to secure the physical and cyber infrastructures of these buildings. In particular, probes that provide information about the physical and cyber assets have been deployed, along with analytics components that correlate information about physical and logical assets. For example, the tampering of surveillance cameras is automatically correlated with a fault of the revolving door system, and a smoke alert with a DoS (Denial of Service) attack on the central IP-PBX. The simultaneous detection of such events triggers alarms to both cyber and physical security officers. Using machine learning for security analytics, the FINSEC system is also able to learn normal behaviours, including cases where correlated events on the physical and logical sides are reasonable and normal.
More information about this Use Case can be found in the SECURING CRITICAL INFRASTRUCTURES IN THE FINANCIAL SECTOR course.
The innovation of the system lies in the integrated protection of a large number of cyber and physical assets in buildings where financial organizations reside. Likewise, the mining of security knowledge associated with combinations of events on logical and physical assets is a novel element of the case study.
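The correlation described above can be sketched as a time-window join over probe events. This is an added example, not FINSEC code: the event-type names, the 120-second window, the sample events and the `NORMAL` baseline (a hand-written stand-in for the learned model of normal behaviour) are all assumptions.

```python
from datetime import datetime, timedelta

# The two event pairs come from the text; the type names are constructed.
RULES = {
    frozenset({"camera_tamper", "revolving_door_fault"}):
        "camera tampering together with revolving door fault",
    frozenset({"smoke_alert", "pbx_dos"}):
        "smoke alert together with DoS on the central IP-PBX",
}
OFFICERS = ["cyber_security_officer", "physical_security_officer"]

def correlate(events, window=timedelta(seconds=120), normal=frozenset()):
    """events: (iso_timestamp, event_type, asset) tuples from the probes.
    normal: (pair, hour_of_day) combinations treated as expected behaviour."""
    parsed = sorted((datetime.fromisoformat(t), typ, asset)
                    for t, typ, asset in events)
    alarms, recent, last_alarm = [], [], {}
    for ts, typ, asset in parsed:
        # Keep only events still inside the correlation window.
        recent = [e for e in recent if ts - e[0] <= window]
        for _, p_typ, p_asset in recent:
            pair = frozenset({p_typ, typ})
            if pair not in RULES or (pair, ts.hour) in normal:
                continue
            # One alarm per pair per window, so a burst does not flood officers.
            if pair in last_alarm and ts - last_alarm[pair] <= window:
                continue
            last_alarm[pair] = ts
            alarms.append({"time": ts.isoformat(), "reason": RULES[pair],
                           "assets": sorted([p_asset, asset]),
                           "notify": OFFICERS})
        recent.append((ts, typ, asset))
    return alarms

# Constructed sample events (not real FINSEC data).
EVENTS = [
    ("2024-03-04T02:10:05", "camera_tamper", "cctv-lobby-2"),
    ("2024-03-04T02:10:50", "revolving_door_fault", "door-main"),
    ("2024-03-04T02:30:00", "pbx_dos", "ip-pbx-1"),        # isolated event
    ("2024-03-04T09:00:10", "smoke_alert", "sensor-f3"),
    ("2024-03-04T09:01:00", "pbx_dos", "ip-pbx-1"),
    ("2024-03-04T09:01:30", "pbx_dos", "ip-pbx-1"),        # same burst
    ("2024-03-04T14:00:00", "camera_tamper", "cctv-lobby-2"),
    ("2024-03-04T14:00:30", "revolving_door_fault", "door-main"),
]
# Assumed baseline: this pair is expected at 14:00 (e.g. scheduled maintenance).
NORMAL = {(frozenset({"camera_tamper", "revolving_door_fault"}), 14)}

if __name__ == "__main__":
    for alarm in correlate(EVENTS, normal=NORMAL):
        print(alarm)
```

The isolated `pbx_dos` event raises nothing on its own, the repeated one is folded into the alarm already raised for that window, and the 14:00 pair is suppressed only because the baseline marks it as normal.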