FFIEC's DDoS Guidelines: An AnalysisNeustar's Rodney Joffe on New Guidelines for Banking Institutions
The FFIEC just issued new guidelines on DDoS risks to U.S. banking institutions. What is the substance of these guidelines, and how must banks and credit unions respond? Rodney Joffe of Neustar offers advice.
Joffe, senior vice president and senior technologist and DDoS solutions vendor Neustar, says these new guidelines are a milestone - he has never seen government agencies address DDoS risks so thoroughly with regulated entities. And the timing of release, he believes, is no coincidence.
"[The statement] obviously comes about as a result of the attacks we saw [on banks] two, two-and-a-half years ago," Joffe says. "But it has nothing to do with those attacks per se. It has to do with the fact that the federal government really got a wake-up call, as did the private sector, during that set of DDoS attacks. And they've now decided that the sector most likely to be sympathetic and responsive to this ... is the financial sector."
In an interview about banking regulators' new statement on DDoS, Joffe discusses:
- Why the FFIEC chose now to issue guidelines;
- The substance of expectations for banking institutions;
- How banks and credit unions should assess and mitigate their risks.
As SVP & Senior Technologist at Neustar, Joffe is responsible for defining and guiding the technical direction of the company's Neusentry security offering as well as heading the company's cybersecurity initiatives. Joffe joined Neustar in 2006 after the acquisition of UltraDNS Corporation, a directory services company, he founded in 1999. Prior to founding UltraDNS, Joffe was the founder and CTO of Genuity, one of the largest Internet Service and Hosting Providers in the world.