Orient Commercial Bank (OCB)

Safeguards its virtual servers from APT and zero-day threats

Overview

Orient Commercial Bank (OCB) was established in 1996. With nearly 200 trading units in 132 transaction points across Vietnam, OCB is an industry leader in Vietnam’s financial services market. In 2017, OBC attained Moody’s Basel II rating, the highest level of rating for commercial banks in Vietnam.

As the pioneer in digital banking service, OCB is the first bank in Vietnam to offer integrated omni-channel banking services, providing seamless transaction experiences for end users across all channels and devices. As a result, OCB was recognised by IMF as the Most Innovative Digital Bank Viet Nam 2018 and the Best New Omni Channel Platform.

Challenges

OCB has been undergoing rapid digital transformation over the years. In March 2018, OCB launched the OCB OMNI application, an omni-channel digital banking platform that allows users to switch between devices during a single transaction. With OCB’s online and offline channels integrated, customers have the flexibility of making a transaction on its website and complete the process at a physical branch or on its mobile app. The move made OCB the first integrated bank in Vietnam.

The banking sector has traditionally been one of the top targets for cyberattacks. Threats can range from low-level phishing (via email, SMS, and websites) to advanced persistent threats (malware infections, targeted attacks, zero-day, and vulnerability exploits). And in OCB’s quest to have elevated cybersecurity a top operational priority, then bank wants to be prepared for all of them.

"Trend Micro gives us the right proactive security solution for our virtual infrastructure while minimizing the impact on our systems’ performance."

Mr. Du Xuan Vu
CIO, Orient Commercial Bank (OCB)

Why Trend Micro

As a global leader in cybersecurity solutions, Trend Micro is a well-known brand in the local market. The company provides cybersecurity technologies to many financial organizations across the world, including Bank Saint Petersburg, State Bank of India, Softbank Japan, Mitsubishi UFJ Financial Group, and many more.

In addition, Trend Micro offers a comprehensive suite of on-premise and SaaS solutions protecting the endpoints, network, and servers in any given organization. The company is also known for its tireless innovation throughout its 30-year history.

Solutions

OCB deployed two key solutions – Trend Micro™ Deep Security™ full Enterprise capabilities and Trend Micro™ Deep Discovery™ Analyzer, to protect its virtual servers from zero-day vulnerability exploits, unknown malware, and other unforeseen threats.

Deep Security is an advanced server solution that provides smart security. Optimised for the virtual environment, Deep Security uses a comprehensive set of policy-enforced security controls to automatically shield virtual machines from cyberattacks and vulnerabilities, stop malware from spreading in the server environment, and detect any unauthorised system changes. It also applies virtual patches to servers, protecting them from any vulnerability-based attacks, even before an official patch is released.

Deep Discovery Analyzer (DDAN) extends the value of Deep Security by providing custom sandboxing and advanced analysis. As a result, better detection can be achieved. Custom sandboxing analysis works by creating virtual images that mimic OCB’s system configurations, drivers, installed applications, and language versions and executes a suspicious file in a safe “sandbox” to determine if it is malicious. This reduces the timeconsuming task of manually analyzing suspicious files, enhancing productivity and detection over time.

What's Next

Having deployed Trend Micro’s two cybersecurity solutions, OCB is able to protect the virtual servers in all of its 132 branches—as well as its customers—from known and unknown malware, zero-day vulnerability exploits, and other criminal threats with increased detection accuracy and without any disruption to its operation.

In addition, OCB is able to centrally manage its security operations through a unified platform, simplifying security tasks, accelerating detection time, and reducing incident response time and remediation costs.