Adversaries continue to advance in the sophistication, creativity, and persistence of their attacks as they seek to gain access to financial institutions’ valuable assets and data.
Deception changes the game on attackers by providing organizations with a proactive defense designed to derail attacks early, and increase the complexity and cost of an attack. Highly advanced decoys and lures are designed to misdirect attackers, quickly revealing their presence and providing the opportunity to gather advanced forensics on their adversary.
Organizations are shifting from prevention to threat detection & response and are allocating their budgets accordingly.
Lack of in-network visibility and threat detection results in high dwell times, with the average being 101 days.
Security false positives cost companies $1.37 million a year on average.
58% of attacks on financial institutions are caused by insiders.
Complicate, slow down, and derail attacks with decoys to detect early in-network reconnaissance and lateral movement. Attractive deception credential, data, and application lures will entice and misdirect attacks into an engagement server where a high-fidelity alert is raised.
Deceive attackers into revealing themselves during reconnaissance or as they start laterally moving across network services, virtual machines, IP services, and subnets looking for high-value data assets.
Actionable alerts are raised based on actual attacker engagement. Notification includes the threat intelligence and forensic information on infected systems, attacker activity, and signatures required to act quickly and decisively. NOC integrations are provided for easy threat intelligence sharing and automation.
Deception provides the ability to add deceptions that obfuscate the attack surface. Adding decoys and lures that mimic the production environment will make the attacker’s job more difficult, increase their costs, and increase their risk of making a mistake that would reveal their presence.
Deception provides early in-network threat detection of external, insider, and 3rd party attacks. Achieve accurate threat detection of reconnaissance and credential theft activities as attackers are deceived into engaging with decoys, deception lures, and bait designed to entice hackers into revealing themselves.
Strengthen endpoint defenses with the Attivo Networks ThreatStrike solution, which provides a customizable and nonintrusive deception technology designed to misdirect and detect credential-based attacks from infected endpoints, servers, and VMs. Quickly understand which systems have been compromised and set up application decoys to see what credentials are being misused. Extensive native integrations provide seamless integration with major EDR systems for fast deployment, information sharing, and accelerated incident response.
Financial institutions can use deception technology to guard SWIFT financial messaging software against attacks from external adversaries, insiders, and suppliers.
Deceptive SWIFT credentials will misdirect attackers to detection servers, and SWIFT-based application decoys will attract adversaries into engaging. Collectively, these deceptions will provide fast and accurate alerts of attempts by attackers to load SWIFT malware or send fraudulent SWIFT messages. The deception platform also captures message content to identify the destination accounts used for fraud.
Many financial institutions depend on partnerships to complete financial transactions, reduce costs, and maintain compliance. These third-party vendor relationships can often become the weakest link for an institution, with shared security models requiring additional security measures to verify compliance and reliability.
Deception technology adds detection security controls for validating if shared security models are working and if there are policy violations occurring that could create risk for the organization. Deception can also be useful in M&A environments where the acquired company’s infrastructure could be less advanced and where connected networks need additional visibility and detection.
Today’s attack surface is rapidly changing, and early visibility is needed in order to understand if unauthorized devices are added to a network. These could be IoT, BYOD, or compromised devices.
Deception provides organizations with a view of network changes along with exposed credentials or misconfigured systems. Originally designed to automate the preparation and deployment of deception campaigns, these tools provide valuable insight and control to reduce the attack surface. Additional tools for CVE attack simulation and testing the attractiveness of the deception are also available within the ThreatDefend platform. Deception can also play a valuable role in pen testing.
By teaming up with FS-ISAC, Attivo Networks works closely with the financial sector to facilitate information sharing and a stronger defense against attackers targeting this industry. Attivo actively participates as a member and at its industry events.
The customer wanted protection of their clients’ valuable personal financial information. They needed to add a security control for insider threats and stolen credential attacks.
Overall dwell time and associated risk of breach was significantly reduced. ThreatStrike deceptive credentials shifted the odds in their favor that they will not suffer an attack from insider threats or stolen credentials.
Fortune 500 Financial Institution
The security team needed a lower-effort and more efficient way of detecting in-network threats.
Provided early and accurate detection and actionable response to protect intellectual property and sensitive data from ransomware and credential-based attacks.
Fortune 500 Financial Institution
This customer was concerned about insider threats, stolen credentials, and zero-day attacks on their customers’ personal financial information.
Both the BOTsink and ThreatStrike deceptive credentials shifted the odds in their favor that they will not suffer an attack from unknown malicious code, insider threats, or stolen credentials.
The team needed to prove that their network was secure and that they could reliably detect threats by passing a Red Team penetration test that they had previously failed multiple times.
The Attivo ThreatDefend Deception and Response Platform was installed, providing visibility into threats and their lateral movement within the network. The platform successfully detected the Red Team and deceived them into engaging.