"I can very quickly and efficiently move threat intel to our TruSTAR member Enclave so member banks have access to those IOCs and can act."
— Alvin Mills, Vice President of Information Technology at TBA
Founded in 1885, the Texas Bankers Association (TBA) is the nation's oldest and largest trade association in banking. Current membership includes roughly 420 community banks in Texas. TBA advocates for community banks by offering professional development, legislature support at both at the state and federal level, and premier product and service offerings. In recent years, TBA has increased its efforts on cyber security, and built a dedicated IT security staff to help its banks and the industry to reduce cyber risk. As part of its cyber security effort, TBA partnered with TruSTAR and launched a cyber security information sharing and threat intelligence platform for its members in 2019.
TruSTAR, acquired by Splunk, recently spoke with Alvin Mills, TBA’s Vice President of Information Technology and Security to learn why the organization selected TruSTAR as its intelligence management platform for data-centric security automation.
How did TBA manage intelligence prior to partnering with TruSTAR?
We didn't and realized that threat intelligence management was something that we needed to solve for our community banks. Prior to TruSTAR, our banks were pretty much on their own to get threat intel from whatever sources they could. A lot of them were, and still are, members of an ISAC in financial services. We were seeing that access to threat intel was often via a tsunami of daily emails, and the intel wasn’t always relative to our community banks. They needed to spend their time trying to figure out what intel they could use to act on and address their cyber threats.
Were there other challenges that led TBA to implement TruSTAR?
We needed to give our community banks the ability to collaborate around threat intelligence. To solve this, we implemented TruSTAR for our members and set up a Slack group for community bankers. This allows TBA members to go to one place for information sharing and collaboration and get threat intelligence through TruSTAR.
Another challenge for our member banks is the need for automation. I hear from bankers all the time that they're so busy and wear many different hats. They're not only security but also IT, and they’ve got a very full plate just striving to stay compliant. There are a lot of regulations in banking and financial services. It's critical that we help them build automation to help better manage their time.
How does TruSTAR solve your challenges?
TBA’s opinion is that threat intel should not have a cost applied to it, so we've offered TruSTAR at no additional costs to our member banks to participate in threat intel sharing. TBA gets threat intel from several sources, and that helps us get the member banks involved with sharing threat intel. Historically, there has been a hesitancy with sharing information, and members want to do it anonymously. The TruSTAR platform allows that kind of anonymous information sharing with the redaction feature.
TruSTAR offers a single platform for our members to access threat intel. They can go to one place to access IOCs and intelligence reports without having to dig through their email to get that information. The other great thing about TruSTAR is that it integrates with pretty much any tool to help build the automation our bankers need. There are integrations already built for many of the security tools that our members are using, and if there isn’t one, TruSTAR is more than willing to help build custom integrations through managed connectors.
Can you tell us more about how TBA is currently using TruSTAR?
Internally, my focus is on sharing threat intel to our member Enclave. For example, if I receive a phishing alert, I can very quickly and efficiently move that threat intel to our TruSTAR member Enclave so member banks have access to those IOCs and can act. We are seeing more and more member banks utilizing TruSTAR’s email report submission and Phishing Triage features. I also use the TruSTAR Chrome and Slack integrations daily. TBA also gets threat intel from the International Association of Certified ISAOs (IACI) and we make that available to our members in TruSTAR.
What’s the future of TBA as it relates to threat intelligence sharing and management?
We’re looking forward to launching the Texas Bankers – Information Sharing and Analysis Organization (TB-ISAO) later this year to bring all our cyber security services and platforms together for our community banks. TruSTAR will be a key component of that effort so that members can continue to easily share intel and access vetted indicators.
Operationalized intelligence sharing to eliminate the need for manual review processes and ensure delivery of relevant threat intelligence
Improved visibility across teams and tools with TruSTAR integration partners and custom managed connectors
Click here to learn more about becoming a TruSTAR sharing group partner.