OVERVIEW

Adversaries continue to advance in their sophistication, creativity, and persistence of attacks as they seek to gain access to financial institutions’ valuable assets and data.

Deception changes the game on attackers by providing organizations with a proactive defense designed to derail attacks early, and increase the complexity and cost of an attack. Highly advanced decoys and lures are designed to misdirect attackers, quickly revealing their presence and providing the opportunity to gather advanced forensics on their adversary.

Why Detection is a Priority for the Financial Sector

In-Network Detection

In-Network Detection

Organizations are shifting from prevention to threat detection & response and are allocating their budgets accordingly.

Reduce Dwell Time

Reduce Dwell Time

Lack of in-network visibility and threat detection results in high dwell times. The average being 101 days.

High-fidelity alert

High Fidelity Alerts

Security false positives cost companies $1.37 million a year on average.

Icon for insider threats

Insider Threats

58% of attacks on financial institutions are caused by insiders.

BENEFITS

Financial organizations choose Attivo Networks® deception-based threat detection for:

derailing attacks

Derailing Attacks

Complicate, slow down, and derail attacks with decoys to detect early in-network reconnaissance and lateral movement. Attractive deception credential, data, and application lures will entice and misdirect attacks into an engagement server where a high–fidelity alert is raised.

visibility icon

Visibility to Lateral Movement

Deceive attackers into revealing themselves during reconnaissance or as they start laterally moving across network services, virtual machines, IP services, and subnets looking for high-value data assets.

alert icon

High Fidelity Alerts

Actionable alerts are raised based actual attacker engagement. Notification includes the threat intelligence and forensic information on infected systems, attacker activity, and signatures required to act quickly and decisively. NOC integrations are provided for easy threat intelligence sharing and automation.

proactive defense icon

Proactive Defense

Deception provides the ability to add deceptions that obfuscate the attack surface. Adding decoys and lures that mimic the production environment will make the attacker’s job more difficult, increase their costs, and increase their risk of making a mistake that would reveal their presence.

DECEPTION USE CASES FOR
FINANCIAL INSTITUTIONS

Early Detection of In-Network Threats

Deception provides early in-network threat detection of external, insider, and 3rd party attacks. Achieve accurate threat detection of reconnaissance and credential theft activities as attackers are deceived into engaging with decoys, deception lures, and bait designed to entice hackers into revealing themselves.

READ MORE

Detection of Credential Based Attacks

Strengthen endpoint defenses with The Attivo Networks ThreatStrike solution, which provides a customizable and nonintrusive deception technology designed to misdirect and detect credential based attacks from infected endpoints, servers, and VMs. Quickly understand which systems have been compromised and set up application decoys to see what credentials are being misused. Extensive native integrations provide seamless integration with major EDR systems for fast deployment, information sharing, and accelerated incident response .

LEARN MORE

SWIFT Environment Threat Deception & Decoy

Financial institutions can use deception technology to guard against attacks on SWIFT financial messaging software from attacks from external adversaries, insiders, and suppliers.

Deceptive SWIFT credentials will misdirect attackers to detection servers and SWIFT- based application decoys will attract adversaries into engaging. Collectively, these deceptions, will provide fast and accurate alerts of attempt by attackers to load SWIFT malware or send fraudulent SWIFT messages. The deception platform also captures message content to identify the destination accounts used for fraud.

LEARN MORE

Supply Chain & 3rd Party Vendors

Many financial institutions depend on partnerships to complete financial transactions, reduce costs, and for maintaining compliance. These third-party vendor relationships can often become the weakest link for an institution, with shared security models requiring additional security measures to verify for compliance and reliability.

Deception technology adds detection security controls for validating if shared security models are working and if there are policy violations occurring that could create risk for the organization. Deception can also be useful in M&A environments where the acquired company’s infrastructure could be less advanced and where connected networks need additional visibility and detection.

Verify Integrity & Reduce Attack Surface

Today’s attack surface is rapidly changing and early visibility is needed in order to understand if unauthorized devices are added to a network. This could be in the form of IOT, BYOD, or compromised device.

Deception provides organizations with a view of network changes along with exposed credentials or misconfigured systems. Originally designed to automate the preparation and deployment of deception campaigns, these tools provide valuable insight and control to reduce the attack surface. Additional tools for CVE attack simulation and testing the attractiveness of the deception are also available within the ThreatDefend platform. Deception can also play a valuable role in pen testing.

Find out how deception fits within your financial institution’s security stack

PARTNERSHIPS

Teaming up with FS-ISAC, Attivo Networks works closely with the financial sector
ASSOCIATIONS

FS-ISAC

By teaming up with FS-ISAC, Attivo Networks works closely with the financial sector to facilitate information sharing and a stronger defense against attackers targeting this industry. Attivo actively participates as a member and at its industry events.

READ MORE

SPEAK TO AN ATTIVO SPECIALIST

Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.

HIGH RETURN ON INVESTMENT

“We’ve found Attivo to be one of the higher ROI investments that we’ve made. From the perspective of paying for what you get, it’s a lot of bang for your buck. When you buy Attivo, you get the full enchilada, the full capabilities. When you buy their core technology, you get a whole slew of capabilities – they don’t nickel & dime you.”

Director Security Operations and Threat Management DJ Goldsworthy, Aflac