An introduction to 360 degree threat detection

How endpoint security can improve cybersecurity and compliance in Financial Services

According to Accenture, the cost of cybercrime to US Financial Services companies rose 40% between 2014 and 2017, on average costing companies over $18 million per year. Add to this much tighter data protection regulations – such as those in the US and Europe – and the need for endpoint security becomes clear. In this blog, I’ll look at the concept of 360 degree threat detection and what it offers Financial Services.

I have a guilty secret: I love whodunits! I get completely engrossed as the detective seeks out all the clues and meticulously pieces them together to identify and catch the bad guy.

In some ways, this is a good metaphor for the traditional approach to endpoint security. Security professionals concede that the question is ‘when’ not ‘if’ your network will be attacked. In research that we conducted with SANS, over 40% of respondents said their endpoints had been breached in the last 12 months. The key has been how quickly you can detect a breach, isolate the incident and take the correct remedial action. This is still very, very necessary but it’s no longer sufficient.

Endpoint security: the need to move from the right to the left of the endpoint

I have another confession to make: I love the language of endpoint security. Terms like threat vectors, kill chains, command-and-control and exfiltration feel like they’ve come straight from some stylish espionage thriller. However, this isn’t entertainment. It’s the real world and it’s incredibly serious. SANS found that almost 20% of respondents didn’t know whether they had been breached or not.

An endpoint can be thought of as any device, system or server that connects to your corporate network. The challenge today is that there are so many of them – PCs, laptops, servers, tablets, smartphones – and, according to SANS, almost 45% of security teams are managing 5,000 to 500,000 separate endpoints.

In a world of changing business practices – where customers and suppliers demand more direct access to your corporate network and employees are increasingly comfortable with Bring Your Own Device (BYOD) devices that are often not covered by security policies – a reactive approach to endpoint security is no longer enough to address the risks to your organization and the data you hold.

In addition, the nature of threats continues to morph. Along with malware, we have to deal with the likes of injection attacks, rootkits, DNS attacks and zero-day exploits. It has been a long time since a corporate firewall was enough to protect your network. You need a wide range of capabilities including malware detection, user and endpoint behavior analysis, system memory analysis and sandboxing (where you can safely run a suspicious app or file away from your corporate network).

It’s no secret that financial data is one of the most attractive targets for hackers. Cyberattacks on Financial Services companies grew by a staggering 80% between 2016 and 2017. The result, according to Information Age, is a 57% rise in the cost of cyberattacks for Financial Services firms.

Addressing this requires a change of thinking and capabilities for endpoint security. Previously, security teams have focused on what happens to the right of the endpoint – the effects of a breach within your corporate network. Today, we have to include what happens to the left – what the attacker is doing and how they’re doing it.

JJ Crawford, senior product marketing manager for OpenText EnCase, says “Large financial services organizations deal with huge volumes of cyber threats, as many as 1MM per day. These institutions must have detection and response solutions capable of working at scale to rapidly uncover threats, initiate a comprehensive response, and return the environment to a trusted state.”

The benefits of 360 degree threat detection

The security teams within Financial Services companies have to move beyond the detection and remediation of breaches that have already occurred. You need to be able to address active breaches as they happen. Adding active breach detection to the Digital Forensics and Incident Response (DFIR) capabilities within your Endpoint Protection Platform provides a comprehensive end-to-end threat detection and resolution solution – at OpenText, we call this 360 degree threat detection.

Figure 1: 360 degree threat detection including active breach and malware detection

This gives you the capability to instantly identify and report breach signals like lateral movement through your systems, command-and-control, malware installation and data exfiltration. You have fully orchestrated and automated incident response with threat-scoring, validation, tracking and remediation.
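The breach signals listed above (lateral movement, command-and-control, data exfiltration) and the threat-scoring that follows them can be made concrete with a small detector. The code below is an added illustration, not OpenText or EnCase code: it runs three defender-side heuristics over a constructed batch of endpoint telemetry and turns the signals that fire into a per-host score. The event schema, the signal weights, the 70-point "active breach" threshold, the internal address prefixes and the 50 MB exfiltration threshold are all assumptions chosen for the example.

```python
"""Toy active-breach signal scoring over constructed endpoint telemetry."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    ts: int           # seconds since epoch (constructed values below)
    host: str
    kind: str         # "logon", "process" or "net"
    user: str = ""
    src: str = ""     # for logons: remote source host ("" = interactive/local)
    proc: str = ""    # for process events: image name
    dst: str = ""     # for net events: destination IP
    out_bytes: int = 0


# Assumed, illustrative weights; a real EPP tunes these from its own telemetry.
WEIGHTS = {"lateral_movement": 40, "c2_beaconing": 35, "exfiltration": 45}
INTERNAL_PREFIXES = ("10.", "192.168.")     # assumption: the corporate ranges
EXFIL_BYTES = 50 * 1024 * 1024             # assumption: 50 MB to one external host


def lateral_movement(events, window=300):
    """Remote logon followed within `window` seconds by a process start
    under the same account on the same host (a classic hop pattern)."""
    logons = [e for e in events if e.kind == "logon" and e.src]
    procs = [e for e in events if e.kind == "process"]
    for lg in logons:
        for p in procs:
            if p.user == lg.user and 0 <= p.ts - lg.ts <= window:
                return True
    return False


def c2_beaconing(events, min_hits=6, max_cv=0.15):
    """Outbound connections to one destination at near-constant intervals.
    A coefficient of variation of the inter-arrival times below `max_cv`
    indicates a scheduled beacon rather than human browsing."""
    by_dst = defaultdict(list)
    for e in events:
        if e.kind == "net":
            by_dst[e.dst].append(e.ts)
    for times in by_dst.values():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < max_cv:
            return True
    return False


def exfiltration(events, threshold=EXFIL_BYTES):
    """Cumulative outbound volume to a single external destination."""
    volume = defaultdict(int)
    for e in events:
        if e.kind == "net" and not e.dst.startswith(INTERNAL_PREFIXES):
            volume[e.dst] += e.out_bytes
    return any(v >= threshold for v in volume.values())


DETECTORS = {"lateral_movement": lateral_movement,
             "c2_beaconing": c2_beaconing,
             "exfiltration": exfiltration}


def score_host(events):
    """Run every detector over one host's events; return (score, fired signals)."""
    signals = [name for name, fn in DETECTORS.items() if fn(events)]
    return min(100, sum(WEIGHTS[s] for s in signals)), signals


def triage(all_events):
    """Group telemetry by host and score each one; 70+ is an active breach."""
    per_host = defaultdict(list)
    for e in all_events:
        per_host[e.host].append(e)
    report = {}
    for host, evs in per_host.items():
        score, signals = score_host(evs)
        verdict = "active breach" if score >= 70 else "suspicious" if score else "clean"
        report[host] = {"score": score, "signals": signals, "verdict": verdict}
    return report


# Constructed sample telemetry (not real data). WS-FIN-07 shows all three
# signals; WS-FIN-12 is ordinary interactive use.
SAMPLE = [
    Event(1000, "WS-FIN-07", "logon", user="jdoe", src="WS-FIN-03"),
    Event(1060, "WS-FIN-07", "process", user="jdoe", proc="cmd.exe"),
    *[Event(2000 + i * 60 + (i % 3), "WS-FIN-07", "net", dst="203.0.113.50", out_bytes=512)
      for i in range(8)],                                  # ~60 s beacon with jitter
    *[Event(3000 + i * 10, "WS-FIN-07", "net", dst="198.51.100.20", out_bytes=20 * 1024 * 1024)
      for i in range(4)],                                  # 80 MB out to one external host
    Event(1000, "WS-FIN-12", "logon", user="asmith"),
    Event(1005, "WS-FIN-12", "process", user="asmith", proc="excel.exe"),
    Event(1100, "WS-FIN-12", "net", dst="10.0.0.5", out_bytes=4096),
    Event(1900, "WS-FIN-12", "net", dst="10.0.0.5", out_bytes=8192),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(host, result)
```

The point of the scoring layer is the one the paragraph makes: a single signal (one remote logon, one large upload) is routinely benign, but several independent signals on the same host within a short span are what justify automated isolation and a forensic pull of that endpoint rather than a human-paced ticket.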

OpenText has introduced OpenText™ EnCase™ Advanced Detection to our market-leading OpenText™ EnCase™ Endpoint Security, which allows you to introduce active breach detection at scale. Regardless of whether you are managing 50 or 500,000 endpoints, this solution gives you visibility of every one. If a breach does occur, the forensic work doesn’t have to concentrate on a small number of endpoints, as it previously would, but can include every endpoint on the network.

Early endpoint detection eases your compliance risk

With an increasing number of customers worried about data privacy and sharing – nine out of 10 Americans say they have concerns – new data protection regulations are beginning to bite across the globe. Perhaps the most high-profile is the GDPR legislation in Europe that affects any company with customers in the European Union. EU regulators promised to impose huge fines on companies that don’t properly protect the personal data they hold, and that’s exactly how things are turning out. Late last year, Tesco Bank in the UK was fined £16.4 million ($21.7 million) for failing to protect the details of current account holders.

By implementing 360 degree threat detection, Financial Services companies can detect active breaches early and act proactively before the breach causes any damage or exposes personal data. Rather than just alerting you that an attack is taking place, this approach allows you to block the process and learn from attackers’ behaviors to better prepare for future attacks. The result should be that you can close down the situation before it reaches a level where you would have to notify the authorities – or, worse still, your customers – that an incident has occurred. This saves you time and money and protects your brand reputation.

Take a look at our latest infographic on cybersecurity and compliance in the Financial Service sector.

Monica Hovsepian

Monica Hovsepian is the Global Industry Strategist for Financial Services at OpenText. With more than two decades of financial industry experience, Monica has become a trusted subject matter expert in the Financial Services Industry, having worked with numerous large and international banks in North America, Europe and Asia.
