March 15, 2017
COLUMBIA, Md. – March 15, 2017— EventTracker, a leader in security information and event management (SIEM), today announced that its SIEMPhonic managed security services can help financial institutions comply with New York state’s newly-established requirements, enacted in response to increasing cybersecurity threats posed to information and financial systems. The New York State Department of Financial Services (DFS) Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) took effect on March 1, 2017 in an effort to protect customer information, as well as the IT systems of regulated entities. Institutions have 180 days, or until Oct. 1, 2017, to comply with certain aspects of the regulation.
Financial services organizations licensed and/or regulated by the New York State DFS are now required to assess their specific security risk profile and design a program that addresses the organization’s risks, as well as file an annual certification that confirms compliance with the regulations.
Cybersecurity expert A.N. Ananth, CEO of EventTracker, thinks New York might be among the first, but similar regulations are likely to spread to other states. Ananth also sees a role for managed security services providers (MSSPs) to aid financial institutions in implementing a cybersecurity program that can identify and assess internal and external cybersecurity risks, detect and respond to cybersecurity events, and fulfill applicable regulatory reporting obligations.
“Complying with the mandate can be prohibitively expensive for small and mid-size banks, credit unions, and financial organizations. Many can’t afford to hire a CISO – even a fractional or interim CISO – or assign the internal resources to fulfill the mandate of ‘making risk management the core of your security decisions,’” said Ananth. “That’s where MSSP services fill the skill and budget gap. Technology alone is about 15 percent of the solution. Expert analysts and robust, disciplined, and documented processes, the core of the services we are offering, are the remaining 85 percent.”
Research analysts at Gartner agree. “Organizations struggle to deploy, manage and use an effective combination of expertise and tools to detect threats, especially targeted advanced threats and insider threats,” said Gartner in a report. 
several educational resources including:
- Regulation Overview
- Solution Brief
- Q&A Webinar
- Free Incident Response Plan Template
- Deadline Infographic
Follow this link for a complete list of New York’s cybersecurity requirements.
Key components of the New York cybersecurity requirements addressed by EventTracker technology and solutions include:
- Conducting penetration testing and vulnerability assessments
- Monitoring of assets and creation of audit trails
- Providing updated technical training of cybersecurity personnel
- Ensuring third parties and vendors are secure and securely accessing your data
- Securely destroying unnecessary data
SIEMphonic, EventTracker’s flagship service, combines SIEM technology, intrusion detection, vulnerability scanning, flow analysis, and HoneyNet capabilities with a fully managed security service. The result is a complete cybersecurity solution that delivers SME businesses the outcome they are seeking—effective cybersecurity at an attractive price point, including managed detection and response (MDR). Key capabilities include:
- 24×7 managed security services
- EventTracker 8 SIEM platform
- Threat intelligence
- HoneyNet deception technology
- Behavior analysis
For more information on EventTracker, visit https://www.eventtracker.com/
EventTracker’s advanced security solutions protect enterprises and small businesses from data breaches and insider fraud, and streamline regulatory compliance. The company’s EventTracker platform comprises SIEM, vulnerability scanning, intrusion detection, behavior analytics, a honeynet deception network and other defense in-depth capabilities within a single management platform. The company complements its state-of-the-art technology with 24×7 managed services from its global security operations center (SOC) to ensure its customers achieve desired outcomes—safer networks, better endpoint security, earlier detection of intrusion, and relevant and specific threat intelligence. The company serves the retail, hospitality, healthcare, legal, banking and financial services, utilities and government sectors.
EventTracker is a division of Netsurion, a leader in remotely-managed IT security services that protect multi-location businesses’ information, payment systems and on-premise public and private Wi-Fi networks. www.eventtracker.com. Twitter: @logtalk.
Deb Montner, Montner Tech PR
 Gartner, ” Market Guide for Managed Detection and Response Services,” Gartner, Toby Bussa, Craig Lawson, Kelly M. Kavanagh, May 10, 2016.