Edit Template

From Secure Development to Advanced Threat Intelligence, Learn how Masav banking did it.

From Secure Development to Advanced Threat Intelligence, Learn how Masav banking did it.

About

Masav (Bank Clearing Center Ltd.) operates the “Debit, Credit and Payment Transfers” system, which constitutes the central payment system in Israel. The company has been operating since 1982 and is a banking corporation owned by Leumi, Poalim, Discount, Mizrahi, and the International banks, providing services to all banks and their customers. The volume of activity at Masav and the uniqueness of its services make it a central axis in the financial activity of the economy. Thanks to its extensive knowledge and experience in the payments field, Masav offers a variety of solutions that cater to the needs of the banks as well as to the needs of small, medium, and giant corporate business customers.

Introduction

Masav, a prominent financial institution, facilitates large-scale transactions daily. As a platform that holds considerable amounts of sensitive financial data and personal information, Masav must ensure that its cybersecurity measures are infallible. Given the rise of sophisticated cyber threats targeting the finance sector, Masav approached Cybecs to evaluate, reinforce, and maintain its cybersecurity posture.

Cybec Direct stands tall as a distinguished partner, supplying cutting-edge digital solutions from their renowned RedRok Suite. This collaboration has meticulously curated and executed the advanced software architecture that underpins Masav’s functions, ensuring an unbeatable combination of operational continuity and security.

Challenge

Masav’s entrenched position in the financial sector made the company a prime target for cyber malefactors, especially considering the vast volume of sensitive data and financial transactions they processed daily.

The organization’s  vital role in a stringently governed financial realm necessitated an unwavering commitment to match, if not outpace, the set security benchmarks.

Solution

In light of the intricate cybersecurity challenges presented by Masav’s vast operations, Cybecs implemented a comprehensive, multi-dimensional approach, addressing both technological and human aspects of cyber-defense:

Prioritizing Secure Development from Start to Finish:

Understanding the nuances of software architecture, especially in the realm of financial operations, is crucial. Cybecs undertook the significant responsibility of embedding the Secure Development Lifecycle (SDLC) within Masav’s operations. This intricate procedure ensured that each phase, right from the inception of a project to its full-scale deployment, was meticulously monitored for security. Cybecs’ experts immersed themselves in detailed code reviews, offering Masav precise insights into potential vulnerabilities and providing actionable recommendations that married both robust security and optimal functionality.

The Power of Comprehensive Reconnaissance:

In the dynamic world of cyber operations, threats can emerge from any direction. Therefore, Cybecs brought to the fore their state-of-the-art tools – ‘Insight’ and ‘Exsight’. While ‘Insight’ delved deep into the recesses of Masav’s internal environment, inspecting configurations, ports, and other critical elements for potential audit weaknesses, ‘Exsight’ mirrored these operations for external systems. It ensured vendor integrations, cloud interfaces, and third-party connections remained uncompromised and watertight.

Advanced Threat Anticipation with Red:

In the modern cyber age, defense is as much about anticipation as it is about reaction. Cybecs’ ‘Red Threat Intelligence Platform’ emerged as a beacon in this landscape. ‘Red’ tirelessly scoured the vast expanse of the web, pinpointing emerging threats and hostile campaigns aimed at financial behemoths. This continuous monitoring provided Masav with invaluable foresight, allowing them to augment defenses proactively, keeping potential attackers at bay.

Simulating Cyber-Attacks through Penetration Testing:

There’s an old adage – “It takes a thief to catch a thief.” In line with this, Cybecs embarked on a series of rigorous penetration tests, emulating real-world cyber-attacks using globally recognized methodologies from OWASP. The gamut of Black Box, Grey Box, and White Box tests were deployed, unearthing potential vulnerabilities in a controlled environment, ensuring no real harm while gleaning critical insights.

Investing in People through Training and Surveys:

Cybersecurity isn’t just a game of machines; it’s also about the human element. Recognizing this critical aspect, Cybecs designed detailed security awareness modules for Masav’s vast staff. Before these sessions, surveys were shared, gauging the existing cybersecurity knowledge levels. Post-training, a second survey assessed the effectiveness of the training, marking the knowledge enhancement and identifying areas for future improvement.

Fortifying the ‘Immediate Transfer’ Service:

Masav’s ‘Immediate Transfer’ service, vital for countless users, demanded an extra layer of protection. Cybecs stepped in, evaluating its architecture from the ground up. By approving and optimizing its design, they ensured each transaction, no matter its size or significance, adhered to the zenith of security standards.

Dynamic Digital Landscape

Overseeing multiple domains – Digital Architecture, Cloud Synergy, and Cybersecurity – Ido leads a substantial team of experts, including developers, engineers, and cybersecurity specialists. Central to Masav’s defense strategy is a premier Security Operations Center (SOC), complemented by auxiliary units that ensure continuous monitoring.

The history of collaboration between the two entities has fortified Ido’s confidence in Cybec. Reflecting upon their association, Sagi remarks, “Adopting Cybec’s solutions, particularly the RedRok Suite, provided a revolutionary shift in our security approach, bringing about profound enhancements within a short span.”

Real-Time Oversight: A Paradigm Shift

The RedRok Suite accorded Masav an all-encompassing perspective into their systems. This suite ensures that both internal processes and external connections, such as vendor integrations, remain secure and invulnerable to breaches.

Beyond defense

mechanisms, proactive approaches are also employed to anticipate and counter potential threats. By continuously scanning and evaluating the broader digital environment, Masav is equipped to strengthen its defenses ahead of any anticipated cyber incidents.

In Ido's words, "Cybec's unique blend of versatility, scalability, and cost-effectiveness is unmatched. Their unwavering commitment to fostering a mutually beneficial relationship solidifies their status as an irreplaceable ally."
Ido Sagi
CISO, Information Security & Cyber Defense Manager, Masav

Elevated Operational Efficiency by 30%

In the month following the integration of Cybec’s solutions, Masav witnessed a staggering 30% elevation in operational efficiency. Yet, beyond the tangible metrics, the true victory was the rejuvenation of the workforce. As Ido, the Cyber Defense Manager at Masav, highlights, “The real merit of this transformation isn’t just in numbers. Seeing the contentment and relief on the faces of my team members, feeling the newfound vigor in our operations – that’s the real reward.”

He further notes, “Introducing Cybec’s solutions into our framework was a conscious effort to alleviate the burdens on our staff. They ought to relish their work, find a harmonious balance between their professional commitments and personal lives. By integrating the right tools, we aimed to provide them that breathing space, that relaxation.”

To those contemplating a partnership with Cybec, Ido extols, “I would wholeheartedly champion the capabilities of their solutions – the innovation, the integrations, and the sheer scalability. The cost-effectiveness of Cybec makes it a suitable fit for businesses of all scales, be it a budding startup or a sprawling global enterprise. And needless to say,” Ido concludes, “the unwavering and genuine partnership Cybec fosters with its clients is truly commendable.”

Build with security in mind

RedRok for stronger Cyber Resilience

Categories