We’re excited to launch our newest premium set of offerings, Q2 Security Insights. We developed this offering in response to an ever-evolving security landscape and our customers’ desire for greater visibility into security data related to their Q2-hosted platform. Q2 Security Insights makes a set of real time events available to financial institutions — via Security Information and Event Management (SIEM) integration — to give them a deeper understanding of the traffic patterns and threat intelligence, along with awareness of the overall security landscape to help illuminate what needs to be done to further protect their environment.
An Evolutionary Process
The development of Q2 Security Insights is part of our journey to deliver actionable insights to clients through our unique and innovative distributed cloud architecture.
Banks and credit unions are constantly facing challenges from an emerging threat landscape. On the outsider threat side, the frequency of DDoS (distributed denial of service attack) rose 22% in 2022 and credential stuffing (where bad actors use login information from one online service to access additional online services) accounted for 34% of all login attempts in just the first three months of 2022. That means, of the roughly 34,000 log ins per minute Q2 supports, one third are bots trying to bypass our security controls.
On the insider threat landscape, 39% of all breaches begin with an insider (about half of which are accidental), ransomware attacks are up 62%, and nearly a quarter of account signups are for fraudulent purposes.
So financial institutions are facing constant pressure from bad actors testing for vulnerabilities and exploiting credentials that are stolen and misused. The net result is that a whopping 74% of all breaches start from privileged credential abuse.
When considering security, we focus on four main components:
- Protect our customers’ sensitive data
- Protect our customers from a service disruption
- Protect our customers from a security incident
- Protect Q2’s intellectual property
At Q2, we’ve spent a lot of time thinking about security and designing security posturing that not only protects our customers but differentiates us in the market. We’ve implemented many of these tools, which defend against the emerging threat landscape. The next step in our evolution is sharing more visibility with our customers.
How It Works
Q2 Security Insights gives us the ability to easily integrate with our customers’ hosted SIEM tools. In layman's terms, SIEM is a collection of data we receive from multiple sources when users try to log into our platform. The data is curated and used by our security operations center (SOC) to make real time-decisions about whether traffic or logins are suspicious and/or malicious. Our Security Incident Response Team (SIRT) then determines what action to take.
We understand that, in a multi-cloud environment, our customers’ security teams may be concerned that their security could be compromised — or may at least have a desire for more oversight of the controls and mitigation performed on their behalf. Q2 Security Insights allows us to share all of the information we gather as part of SIEM with our clients — giving them insight into what we’re doing on their behalf.
There are three components to the new security offerings: Q2 Edge Traffic Export, Q2 Threat Feed Export, and Q2 SIRT Threat Bulletin.
With Edge Traffic Export, customers receive a stream of all web requests made to a Q2 hosted environment and a stream of all flagged security events (e.g., blocked IP address, rate-limit, etc.). This gives their security teams insight into how we’re performing, which they can ingest into their security tools and leverage across other products with other vendors and in other environments.
Q2 protects a wide range of products beyond just online banking. This means that customers of the Q2 platform don’t just benefit from the protection of one customer or one specific product, but the collective intelligence across a distributed cloud ecosystem of financial services.
Threat Feed Export shares the curated data used by our SOC teams (mentioned above) with customers so FIs can use it to help defend threats against their non-Q2 hosted digital assets. We’re using the power of community and an aggregated view of everything that’s happening across all of the online banking environments so our customers can make more informed, mature and better educated decisions.
Think about the power this represents: We have more than 20 million users, which gives us visibility into emerging threats that is exponentially greater than any individual customer would see.
With the SIRT Threat Bulletin, the Q2 Security Incident Response Team regularly monitors financial news and security events and curates them into a single bulletin distributed twice monthly. The newsletter may also include internally published blog posts from Q2 security team members and/or information on industry news as it relates to the Q2 platform. (Note that the SIRT Bulletin will not replace critical security updates [e.g., zero-day response], which will be always delivered as soon as they are released to the organization’s designated security contact.)
What’s unique and different about Q2 Security Insights is that it extends across all of our lines of business. Meaning, it’s not just a digital banking product, it’s also applicable to off-platform products such as Gro, ClickSWITCH, and Centrix.
The Evolution Continues
We’ve been able to develop these new premiere product offerings because of recent architectural changes that we’ve made over the last couple of years that have made sharing the data and information technically feasible. But Q2 Security Insights is just one of several initiatives underway. We will continue to work to provide the most robust security solutions available and to find ways to share our insights and security best practices because we believe that sharing this data deepens and strengthens our customer relationships while empowering the security teams we partner with to create a safer Internet for everyone
If you are interested in learning more about Q2 Security Insight, contact your customer success manager.