Implementing honeynets and web application firewalls, avoiding malware and zero-day attacks, and the economics of cybersecurity were among the topics covered at the CU InfoSecurity 2017 conference in San Diego.

Like many businesses, credit unions incur steep losses in reestablishing member safety following a data breach, whether online or otherwise. On average, credit unions in 2014 spent $136,000 on data security measures and $226,000 in costs associated with merchant data breaches, according to NAFCU.

A.N. Ananth, co-founder and CEO of security information and event management firm EventTracker, described how a honeynet, a collection of honeypots (virtualized decoys that mimic desktops, servers, printers and other network technology) set up to invite attack, can help study threat actors' behavior. These decoy networks help defray this cost by providing valuable intelligence about malicious activity brought against a credit union's network.

Ananth's presentation explored how honeynets work and best practices for implementing them to protect networks from attacks. The session also highlighted many security experts' belief that properly deployed honeynets deliver enormous value for a small amount of up-front effort.

"Honeynets are different from threat intelligence and it is something you should do as a layer of defense," Ananth told conference attendees.

Credit unions have been getting regulation, guidance and tools from multiple authorities and understand how to comply with examiners. However, bad actors still seem to be winning the war on cyber. Why? asked Scott B. Suhy, CEO of NetWatcher, a 24×7 network and endpoint security monitoring service.

In his presentation, Suhy suggested economics could be part of the problem. "The reality is that many credit unions can't afford to hire security analysts (they couldn't find them if they could afford them) and cannot afford expensive solutions."

Another part of the answer might be the ease with which a bad actor can successfully attack an organization that uses only basic security protections (firewall, anti-virus, etc.) and does not continuously monitor for more advanced attacks with more advanced tools such as SIEM, NIDS, HIDS, and threat intelligence.

Les Flammer, managing partner of the vantage group, spoke with Mark Bennett of Check Point, their partner, about how sophisticated malware and zero-day attacks avoid detection and are difficult to defend against. They pointed to a Kaspersky Labs report, which revealed 320,000 new pieces of malware uncovered every day.

Flammer detailed how current-generation malware is continually evolving and becoming increasingly stealthy. Signature-based detection, although necessary, is insufficient. He added that new attackers have successfully evaded the first generation of sandboxing techniques. The latest sandboxing technologies have offered some promise, but attackers have now become increasingly effective at evading detection. Worse yet, sandboxing interrupts business workflows or is late to notify that an infection has already occurred.

"The malware only gets detected after it has successfully compromised the system and then they isolate that system," Flammer advised.

"Legacy approaches to this problem cannot keep up," Flammer said. A product from Check Point called SandBlast, a second-generation sandbox, defends endpoints with real-time advanced protection technologies.

Installing a web application firewall provides another layer of protection, according to Randy Hays, director of North American sales at managed security services provider Network Box USA, which provides enterprise-level security solutions.

Web application attacks caused a third of all breaches, according to Hays in his presentation. Credit unions must protect web servers because the organization not only stands to lose data directly, but the server also connects to other data in the network.

A traditional firewall protects the network; a WAF protects web servers and web applications. "It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting and SQL injection," Hays said. "We're looking for HTML, XML, cookies, JavaScript, ActiveX, those types of protocols. Because that's where the bad guys have found ways to introduce malware and get around the system."

Why does a CU need it? "If you have a web and you do business on the web or interact with the web, which credit unions do for online banking, you need very specific protection for that," Hays explained.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).