Financial services companies are 300 times more likely than others to be hit by a cyber attack, according to the Boston Consulting Group (2019). And if that were not enough, the cost of cybercrime for financial services is 40% higher than for other sectors. Indeed, attackers are placing their sophisticated efforts where the money is.
Attacks are not always targeted, however. One challenge for financial companies is closing the vulnerable backdoors that hackers often infiltrate in order to reach the bigger payoff. This weak spot could be a smaller branch office or a third-party services supplier. As one consulting firm points out, "Even an attack against a midsize bank could have a spillover effect, causing a threat to the solvency of a top-five institution."
Broadening visibility of the vast threat landscape
Looking to mitigate business risk, a tier one global financial institution with nearly $2 trillion assets under management turned to IronNet as an early adopter of behavior analytics to detect unknown threats across its global network.
Traditional types of analysis that detect only known threats (i.e., signatures) were no longer enough for this institution to maintain its risk-averse posture and protect its customers’ long-standing trust.
IronNet’s proprietary analytics enable this customer to stay ahead of attackers’ ever-changing tactics, techniques, and procedures. By using IronDefense to identify malicious or suspicious activity on its network, this company can spot abnormal activity such as credential phishing attacks, DNS tunneling, and sudden or large data loss.
Relying on IronNet as a strategic partner as it expands East/West coverage and begins its journey to the cloud, this premier institution can contain risk and protect its well-known Fortune 500 reputation. Each month, IronNet threat detection ingests ~1M flows of data, with 21K alerts detected, 50 high-severity alerts created, and 18 actionable findings as a result of IronNet threat investigation and analysis.
“This customer was drawn to IronNet’s superior analytics and threat hunting expertise. Its Global Head of Analytics, Threat Detection, and Insider Program has noted, “IronNet gets high marks in my book for quality detections as well as top notch program management."
Best-in-class analytics
This customer was drawn to IronNet’s superior analytics and threat hunting expertise. Its Global Head of Analytics, Threat Detection, and Insider Program has noted, “IronNet gets high marks in my book for quality detections as well as top notch program management.”
Comprising elite cyber hunters, the IronNet CyOC regularly escalates its findings to the customer’s own SOC team, in turn gathering feedback on findings from the SOC. In the spirit of real-time collaboration, the IronNet-customer relationship engenders unique collective intelligence around correlated detections and provides the human insights needed to allow the SOC to pivot quickly to triage. In fact, the company has tightened security controls and made policy changes as a result of escalations.
In addition to increasing visibility of threats and improving the effectiveness of the SOC, these detection and correlation capabilities help cut down the alert fatigue that plagues many SOC analysts who typically are bombarded by unvetted anomalous activity and false positives. The IronNet analysts investigate and qualify automated detections so the customer SOC can speed up their response to malicious threats and secure the network.
Bringing the vision of Collective Defense to life
Committed to innovation in a typically “status quo” sector, this customer supports the vision of Collective Defense as a member of the Financial and USA IronDome. In fact, many financial institutions understandably question whether Collective Defense undermines their competitive advantage working with competitors in a collaborative way to strengthen security. By contrast, by facing common threat actors as a unified front, collaborators can weaken adversaries who often probe interconnected sectors or ecosystems looking for points of entry. Once in, they move laterally, either seeking to cause destruction or to gain covert access for later use. In this way, Collective Defense is protecting not only this single institution — but the digital economy at large.