Intelligent CIO Europe Issue 42 | Page 75

ORGANISATIONS IN THE SECTOR ARE USUALLY EARLY ADOPTERS WHEN IT COMES TO THE BEST, MOST EFFECTIVE TECHNOLOGIES AND VENDORS.
INDUSTRY WATCH


Financial institutions are under a constant barrage of targeted cyberattacks from nation states, other threat groups and individual criminals. As targets, they have the most to offer in terms of risk, reputation and value.

But at the same time, they also represent the most heavily fortified targets out there. The financial sector as a whole has made significant investments in cybersecurity. Organisations in the sector are usually early adopters when it comes to the best, most effective technologies and vendors. They have been among the first to adopt Endpoint Detection and Response (EDR), ensuring full visibility and quick response. For a hacker, taking on a financial institution is a long, serious challenge. That's why there are very few stories about massive hacks in this industry, making it a great role model for other verticals.
Even if a company is using a solution designed to provide endpoint and extended network visibility, the security team is likely flooded with low-context alerts instead of insight into important incidents.
Security tools that collect reams of endpoint data from a bank's hundreds of thousands of servers and computers, but do not provide root cause analysis or cross-machine correlation, create more work for security teams, not less. They give security analysts no context on root cause, attack scope or what to do about the alert, triggering a time-consuming process of manually querying across datasets to answer foundational questions. Alert fatigue leads to human error and delayed responses, making it harder to spot a stealthy threat that is impersonating legitimate user or machine behaviour.
Yossi Naar, Co-founder and Chief Visionary Officer, Cybereason
Now, financial institutions are turning their attention to Extended Detection and Response (XDR) as they look to secure not only critical customer data, but also their own employees and business reputation, in an industry where trust is essential.
Dealing with the endpoint data deluge and alert fatigue

Many Existing Endpoint Protection (EEP) tools are simply not equipped to manage today's threat landscape. If threats emerged as single, isolated attacks on a single company device, then financial institutions would have defences in place to mitigate them.
Unfortunately, attacks are not carried out in this manner. They are coordinated across user identities, devices and endpoints. As such, financial organisations need solutions that can roll with the punches, enable real-time response and, better yet, anticipate the adversary's next move in order to prevent it.
Organisations need a new approach to threat detection and response. The approach needs to understand and adapt to the modern enterprise: this includes devices, identities, network and SaaS. Enter XDR.
XDR solutions should not only give security teams visibility into potentially malicious activity on endpoints and throughout the network, but also deliver the most salient details of that activity, correlated across all platforms, devices and users that the solution monitors.
The advent of XDR means security teams are no longer bound to protecting organisations using Indicators of Compromise (IOC) alone. They can turn to what's known as Indicators of Behaviour (IOB): the more subtle chains of malicious behaviour that can reveal an attack at its earliest stages, which is why they are so powerful in detecting advanced campaigns, such as the recent SolarWinds attacks.
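To make the IOC-versus-IOB distinction above concrete, and the cross-machine correlation the article says single-endpoint tools lack, here is an added illustration (not code from the article or from Cybereason). It runs a plain hash-list IOC check and a behaviour-chain check over a constructed set of telemetry events; the event fields, the hash list and the chain definition are assumptions for the example only.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(ts, host, user, kind, detail, sha256=None):
    return {"ts": ts, "host": host, "user": user, "kind": kind, "detail": detail, "sha256": sha256}
# Constructed sample telemetry from three hosts (not from any real environment).
EVENTS = [
    ev("2024-01-10T09:00:00", "ws-01", "alice", "logon", "interactive"),
    ev("2024-01-10T09:05:00", "ws-01", "alice", "process", "outlook.exe", "aaaa"),
    ev("2024-01-10T09:07:00", "srv-07", "alice", "logon", "remote"),
    ev("2024-01-10T09:08:00", "srv-07", "alice", "process", "powershell.exe -enc <placeholder>", "bbbb"),
    ev("2024-01-10T09:09:00", "srv-07", "alice", "net_conn", "203.0.113.5:443"),
    ev("2024-01-10T09:30:00", "ws-02", "bob", "process", "powershell.exe Get-Date", "bbbb"),
]
KNOWN_BAD_HASHES = {"cafe" * 16}  # constructed IOC list; matches nothing above

def ioc_matches(events, bad_hashes=KNOWN_BAD_HASHES):
    """Plain IOC matching: an event is flagged only if its file hash is on the list."""
    return [e for e in events if e["sha256"] in bad_hashes]

def iob_incidents(events, window=timedelta(minutes=30)):
    """Indicator-of-behaviour check keyed on user identity, not on any hash:
    logon on host A -> logon on a different host B -> encoded PowerShell on B
    -> outbound connection from B, all within `window`."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort as text
        by_user[e["user"]].append(e)
    incidents = []
    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            if first["kind"] != "logon":
                continue
            start = datetime.fromisoformat(first["ts"])
            chain, stage, host_b = [first], 0, None
            for e in evs[i + 1:]:
                if datetime.fromisoformat(e["ts"]) - start > window:
                    break
                if stage == 0 and e["kind"] == "logon" and e["host"] != first["host"]:
                    host_b, stage = e["host"], 1
                elif stage == 1 and e["kind"] == "process" and e["host"] == host_b and " -enc " in e["detail"]:
                    stage = 2
                elif stage == 2 and e["kind"] == "net_conn" and e["host"] == host_b:
                    stage = 3
                else:
                    continue
                chain.append(e)
                if stage == 3:   # full chain observed: one incident spanning both hosts
                    incidents.append({"user": user, "hosts": [first["host"], host_b], "chain": chain})
                    break
    return incidents
```

The IOC check returns nothing because no hash is on the list, while the behaviour check returns one incident that ties alice's two hosts into a single chain; bob's ordinary PowerShell use on one machine is not flagged.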
www.intelligentcio.com INTELLIGENTCIO EUROPE 75