Adversaries continue to advance in their sophistication, creativity, and persistence of attacks as they seek to gain access to financial institutions’ valuable assets and data.
Deception changes the game on attackers by providing organizations with a proactive defense designed to derail attacks early, and increase the complexity and cost of an attack. Highly advanced decoys and lures are designed to misdirect attackers, quickly revealing their presence and providing the opportunity to gather advanced forensics on their adversary.
Why Detection is a Priority for the Financial Sector
In-Network Detection
Organizations are shifting from prevention to threat detection & response and are allocating their budgets accordingly.
Reduce Dwell Time
Lack of in-network visibility and threat detection results in high dwell times. The average being 101 days.
High Fidelity Alerts
Security false positives cost companies $1.37 million a year on average.
Insider Threats
58% of attacks on financial institutions are caused by insiders.
BENEFITS
Financial organizations choose Attivo Networks® deception-based threat detection for:
Derailing Attacks
Complicate, slow down, and derail attacks with decoys to detect early in-network reconnaissance and lateral movement. Attractive deception credential, data, and application lures will entice and misdirect attacks into an engagement server where a high–fidelity alert is raised.
Visibility to Lateral Movement
Deceive attackers into revealing themselves during reconnaissance or as they start laterally moving across network services, virtual machines, IP services, and subnets looking for high-value data assets.
High Fidelity Alerts
Actionable alerts are raised based actual attacker engagement. Notification includes the threat intelligence and forensic information on infected systems, attacker activity, and signatures required to act quickly and decisively. NOC integrations are provided for easy threat intelligence sharing and automation.
Proactive Defense
Deception provides the ability to add deceptions that obfuscate the attack surface. Adding decoys and lures that mimic the production environment will make the attacker’s job more difficult, increase their costs, and increase their risk of making a mistake that would reveal their presence.
DECEPTION USE CASES FOR
FINANCIAL INSTITUTIONS
- EARLY DETECTION OF IN-NETWORK THREATS
- DETECTION OF CREDENTIAL BASED ATTACKS
- SWIFT ENVIRONMENT THREAT DECEPTION & DECOY
- SUPPLY CHAIN & 3RD PARTY VENDORS
- VERIFY INTEGRITY & REDUCE ATTACK SURFACE
Early Detection of In-Network Threats
Deception provides early in-network threat detection of external, insider, and 3rd party attacks. Achieve accurate threat detection of reconnaissance and credential theft activities as attackers are deceived into engaging with decoys, deception lures, and bait designed to entice hackers into revealing themselves.
Detection of Credential Based Attacks
Strengthen endpoint defenses with The Attivo Networks ThreatStrike solution, which provides a customizable and nonintrusive deception technology designed to misdirect and detect credential based attacks from infected endpoints, servers, and VMs. Quickly understand which systems have been compromised and set up application decoys to see what credentials are being misused. Extensive native integrations provide seamless integration with major EDR systems for fast deployment, information sharing, and accelerated incident response .
SWIFT Environment Threat Deception & Decoy
Financial institutions can use deception technology to guard against attacks on SWIFT financial messaging software from attacks from external adversaries, insiders, and suppliers.
Deceptive SWIFT credentials will misdirect attackers to detection servers and SWIFT- based application decoys will attract adversaries into engaging. Collectively, these deceptions, will provide fast and accurate alerts of attempt by attackers to load SWIFT malware or send fraudulent SWIFT messages. The deception platform also captures message content to identify the destination accounts used for fraud.
Supply Chain & 3rd Party Vendors
Many financial institutions depend on partnerships to complete financial transactions, reduce costs, and for maintaining compliance. These third-party vendor relationships can often become the weakest link for an institution, with shared security models requiring additional security measures to verify for compliance and reliability.
Deception technology adds detection security controls for validating if shared security models are working and if there are policy violations occurring that could create risk for the organization. Deception can also be useful in M&A environments where the acquired company’s infrastructure could be less advanced and where connected networks need additional visibility and detection.
Verify Integrity & Reduce Attack Surface
Today’s attack surface is rapidly changing and early visibility is needed in order to understand if unauthorized devices are added to a network. This could be in the form of IOT, BYOD, or compromised device.
Deception provides organizations with a view of network changes along with exposed credentials or misconfigured systems. Originally designed to automate the preparation and deployment of deception campaigns, these tools provide valuable insight and control to reduce the attack surface. Additional tools for CVE attack simulation and testing the attractiveness of the deception are also available within the ThreatDefend platform. Deception can also play a valuable role in pen testing.
PARTNERSHIPS
ASSOCIATIONS
FS-ISAC
By teaming up with FS-ISAC, Attivo Networks works closely with the financial sector to facilitate information sharing and a stronger defense against attackers targeting this industry. Attivo actively participates as a member and at its industry events.
Threat Deception Case Studies
Inside the Network Threat Deception
Company
Credit Union Organization
Situation
Customer wanted in-network threat visibility for lateral movement and stolen credentials
Outcome
Deployment of BOTsink and ThreaStrike gave customer early and accurate detection of lateral movement.
Protecting Clients’ Personal Financial Information
COMPANY
Major Bank
SITUATION
Customer wantedprotection of their clients’ valuable personal financial information. They needed to add a security control for insider threats and stolen credential attacks.
OUTCOME
Overall dwell time and associated risk of breach was significantly reduced. ThreatStrike deceptive credentials shifted the odds in their favor that they will not suffer an attack from insider threats or stolen credentials.
Detecting Attackers Quickly and Efficiently with Deception Technology
COMPANY
Fortune 500 Financial Institution
SITUATION
The security team needed a lower-effort and more efficient way of detecting in-network threats.
OUTCOME
Provided early and accurate detection and actionable response to protect intellectual property and sensitive data from ransomware and credential based attacks.
Visibility for Insider Threats
COMPANY
Fortune 500 Financial Institution
SITUATION
This customer was concerned about insider threats, stolen credentials and zero day attacks on their customers’ personal financial information.
OUTCOME
Both the BOTsink and ThreatStrike deceptive credentials shifted the odd in their favor that they will not suffer an attack from unknown malicious code, insider threats, or stolen credentials
Detecting Attackers Quickly and Efficiently with Deception Technology
COMPANY
Hedge Fund
SITUATION
The team needed to prove that their network was secure and that they could reliably detect threats by passing a Red Team penetration test that they had previously failed multiple times.
OUTCOME
The Attivo ThreatDefend Deception and Response Platform was installed, providing visibility into threats and their lateral movement within the network. The platform successfully detected the Red Team and deceived them into engaging.
SPEAK TO A DECEPTION SPECIALIST
Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.
HIGH RETURN ON INVESTMENT
“We’ve found Attivo to be one of the higher ROI investments that we’ve made. From the perspective of paying for what you get, it’s a lot of bang for your buck. When you buy Attivo, you get the full enchilada, the full capabilities. When you buy their core technology, you get a whole slew of capabilities – they don’t nickel & dime you.”
Perspectives
- Fraudsters Have Always Used Deception. It’s a Key Tool for Cybersecurity, Too
- Cybersecurity in 2018: broader scope of innovation and bigger venture dollars
- Behind the Mask with Aflac’s Director of Security Operations and Threat Management
- Tony Cole Explains Why CISOs Need to Shift Focus to Detection
SPOTLIGHT
Webinar – Deception with a Financial Institution’s Perspective
