By Bill Hogan
Cybersecurity professionals are constantly working to thwart sophisticated attacks with a robust security strategy of detection and prevention across their networks. For financial institutions, this is especially true. A recent study has found that the financial services sector is attacked 65 percent more than any other vertical, with more than 200 million records breached in 2016.* As cyberattacks become more frequent, executives have increased spend on cybersecurity solutions.
But financial institutions suffer attacks of such large volume and capabilities that simply adding more one-off security solutions to the stack will not be sufficient to detect and respond to data breaches. Rather, in addition to implementing network and perimeter defenses, financial services firms have to provide context to this technology, generated by real-time threat intelligence.
How Threat Intelligence Helps
What is threat intelligence? It’s the collection and analysis of data, collected from both local and global sources, to inform and define the threat landscape related to your specific business. In order to protect critical information and functions, you have to understand the threats to which your networked devices and resources are susceptible. This is where threat intelligence comes in.
You can perform a variety of important functions by analyzing the data produced across your network and systems:
- Find the most efficient, effective way to protect your information
- Better determine which of your data and devices are at the highest risk
- Learn the most popular attack vectors targeting these resources
- Filter out false positives
Ideally, all of the pertinent threat intelligence available to the financial services industry would be combined with high-tech security solutions to ensure the end of data breaches. However, this remains impossible, as much of this data cannot be effectively correlated or acted upon by the variety of security tools deployed across your network. While it is widely understood across the financial services industry that threat intelligence is necessary, banks and other institutions do not only need threat intelligence. They need actionable threat intelligence.
Too Much of a Good Thing
A wealth of data is available to give financial institutions information about cyber risks. However, just as with cyberattacks, the sheer volume of threat intelligence creates a problem in and of itself, as this data does not always come in an easily decipherable format. Rather, each bit, byte and packet must be assessed and formatted so that insights can be understood and acted upon in a reasonable amount of time. In addition, much of it is redundant, may not apply to your circumstances or, far too often, is of questionable value. Correlating, sorting, deduplicating and filtering this information often takes more time and resources than are available.
In addition, this quantity of data can lead to potentially important intelligence being overlooked, while false positives can consume valuable resources. According to a recent survey, even as organizations employ greater security solutions, 74 percent say that security events and alerts are often ignored as staff cannot keep up with the enormous volume.* Additionally, cybercriminals are building automation into malware and other cyber threats to make them smarter, more effective and efficient, and harder to detect, which means that the viable response time to attacks is getting shorter.
Automating Threat Intelligence
As financial institutions try to stay a step ahead of cybercriminals, threat intelligence can have an enormously positive impact. However, just as criminals have automated the process of finding vulnerabilities, financial institutions now must focus on the automation of threat intelligence to inform security updates as quickly as possible. Automating threat intelligence will ensure that important security alerts or events rise to the top, thereby optimizing security resources with the most up-to-date information on what is occurring within your network and outside of it.
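The deduplication, filtering and prioritization described above, as an added Python example (not from the article or any vendor product). The feed names, indicators, allowlist, local events and scoring weights are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: three feeds reporting overlapping indicators.
FEED_ITEMS = [
    {"source": "feed-a", "type": "domain", "value": "Login-Bank[.]example", "confidence": 60},
    {"source": "feed-b", "type": "domain", "value": "login-bank.example.", "confidence": 80},
    {"source": "feed-a", "type": "ip", "value": "203.0.113.7", "confidence": 40},
    {"source": "feed-c", "type": "ip", "value": "198.51.100.23", "confidence": 85},
    {"source": "feed-c", "type": "domain", "value": "portal.bank.example", "confidence": 70},
]
# Constructed allowlist (the institution's own assets) and local telemetry.
ALLOWLIST = {("domain", "portal.bank.example")}
LOCAL_EVENTS = [
    {"host": "teller-12", "type": "domain", "value": "login-bank.example"},
    {"host": "teller-31", "type": "domain", "value": "login-bank.example"},
    {"host": "atm-gw-2", "type": "ip", "value": "203.0.113.7"},
]

def normalize(kind, value):
    """Undo defanging and case/trailing-dot differences between feeds."""
    value = value.strip().replace("[.]", ".").lower()
    return (kind, value.rstrip(".") if kind == "domain" else value)

def prioritize(items, allowlist, events):
    """Deduplicate, filter, correlate with local sightings, and rank."""
    merged = defaultdict(lambda: {"sources": set(), "confidence": 0})
    for item in items:
        key = normalize(item["type"], item["value"])
        if key in allowlist:  # known-good asset: treat as a false positive
            continue
        merged[key]["sources"].add(item["source"])
        merged[key]["confidence"] = max(merged[key]["confidence"], item["confidence"])
    sightings = defaultdict(set)
    for ev in events:
        sightings[normalize(ev["type"], ev["value"])].add(ev["host"])
    ranked = []
    for key, rec in merged.items():
        hosts = sightings.get(key, set())
        # Assumed weighting: feed confidence, +10 per corroborating source,
        # +50 per internal host that actually touched the indicator.
        score = rec["confidence"] + 10 * (len(rec["sources"]) - 1) + 50 * len(hosts)
        ranked.append({"indicator": key, "score": score,
                       "sources": sorted(rec["sources"]), "hosts": sorted(hosts)})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for row in prioritize(FEED_ITEMS, ALLOWLIST, LOCAL_EVENTS):
        print(row)
```

With this sample data, the low-confidence IP that was seen on an internal host ranks above the high-confidence IP that was never seen locally, which is the effect of adding local context to external intelligence.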
As well as prioritizing events, effective threat intelligence should include machine and deep learning that can be scaled across an entire integrated security system, rather than limited to isolated security platforms. A single integrated security framework allows granular visibility into your entire distributed network and enables you to automate a coordinated threat response across your entire security infrastructure.
This creates what is known as a security fabric approach. It gives security teams visibility into all areas of the network including user and IoT endpoints, applications, cloud environments, access points, core resources and beyond. Each security tool deployed within the fabric contributes actionable threat intelligence and shares it with the others in real time. This fabric of information connects one suspicious event with other alerts that verify an attack, then recommends or implements coordinated remediation. As an example, a security alert at the network level can cause signatures to be updated and distributed to the endpoint and edge devices, rogue devices to be isolated, and new access rules to be distributed to segmentation firewalls.
Greater Security for All
As security solutions have had to adapt to the volume and variety of sophisticated cyber threats, they have begun to include machine learning, AI and robust threat intelligence. To leverage the insights from these tools, financial services firms need to have an integrated security architecture in place. The intelligence coming from this architecture can take many resources, including time, to become actionable. This is why automation is crucial. Automated analysis and distribution of usable threat intelligence can first be deployed across the network and then shared with the financial industry at large so that everyone has a greater chance of keeping their networks safe.
About Bill Hogan
Bill Hogan leads strategic accounts and global financial services at Fortinet, where he is responsible for sales, systems engineering and business development. He formerly served as president of WebHouse, where he enabled customer success through the effective use of IT and business solutions.