Industry Trends

Why the Financial Sector Needs to Focus on Automating Threat Intelligence

By Bill Hogan | September 12, 2017

Cybercriminals have challenged security professionals across industries to create updated and sophisticated security protocols to match the volume of equally sophisticated malware attack vectors being directed at them. This is especially true for cybersecurity at financial institutions.

A recent study has found that the financial services sector is attacked 65 percent more than any other vertical, with more than 200 million records breached in 2016. As cyberattacks become more frequent, executives have increased spend on cybersecurity solutions.

However, the volume and capabilities of the attacks on financial institutions mean that simply adding more one-off security solutions to the stack will not be sufficient to detect and respond to data breaches. Rather, in addition to implementing network and perimeter defenses, financial services firms have to provide context to this technology, generated by real-time threat intelligence.

Benefits of Threat Intelligence

Threat intelligence refers to the collection and analysis of data, derived from both local and global sources, to inform and define the threat landscape related to your specific business. In order to protect critical information and functions, you have to understand the threats to which your networked devices and resources are susceptible. This is where threat intelligence comes in.

By analyzing the data produced across your network and systems, you can:

  • Better determine which of your data and devices are at the highest risk
  • Learn the most popular attack vectors targeting these resources
  • Filter out false positives
  • Find the most efficient, effective way to protect your information

In a perfect world, high-tech security solutions would be combined with all of the pertinent threat intelligence available to the financial services industry to ensure the end of data breaches. However, this remains impossible as much of this data cannot be effectively correlated or acted upon by the variety of security tools deployed across your network. While it is widely understood across the financial services industry that threat intelligence is necessary, banks and other institutions do not just need threat intelligence. They need actionable threat intelligence. 

Too Much Threat Intelligence Can Be Counter Productive

There is no shortage of data from which to glean information about cyber risks. However, just as with with cyberattacks, the sheer volume of threat intelligence creates a problem in and of itself, as this data does not always come in an easily decipherable format. Rather, each bit, byte, packet, etc. must be assessed and formatted in a way that insights can be understood and acted upon in a reasonable amount of time. In addition, much of it is redundant, may not apply to your circumstances, or far too often, is of questionable value. Correlating, sorting, deduplicating, and filtering this information often takes more time and resources than are available.

This immense amount of data also often means that potentially important intelligence can be overlooked, while false positives consume valuable resources. According to a recent survey, even as organizations employ greater security solutions, 74 percent say that security events and alerts are often ignored as staff cannot keep up with the enormous volume. Additionally, cybercriminals are building automation into malware and other cyber threats to make them smarter, more effective and efficient, and harder to detect. Which means that the viable response time to attacks is getting shorter.

Speeding up Actionable Threat Intelligence with Automation

Threat intelligence can have an enormously positive impact on financial institutions as they try to stay a step ahead of cybercriminals. However, just as criminals have automated the process of finding vulnerabilities, financial institutions now must focus on the automation of threat intelligence to inform security updates as quickly as possible. Automating threat intelligence will ensure that important security alerts or events rise to the top, thereby optimizing security resources with the most up to date information on what is occurring within your network and outside of it.

Modern threat intelligence also needs to include machine and deep learning that can be scaled across an entire integrated security system, rather than to isolated security platforms. A single integrated security framework allows granular visibility into your entire distributed network, and enables you to automate a coordinated threat response across your entire security infrastructure.

Automation with the Fortinet Security Fabric

The Fortinet Security Fabric provides this exact functionality. The Security Fabric gives security teams visibility into all areas of the network including user and IoT endpoints, applications, cloud environments, access points, core resources, and beyond. Each security tool deployed within the fabric contributes and shares actionable threat intelligence with one another in real-time. This fabric of information connects one suspicious event with other alerts that verify an attack, then recommends or implements coordinated remediation. As an example, a security alert at the network level can cause signatures to be updated and distributed to the endpoint and edge devices, rogue devices to be isolated, and new access rules to be distributed to segmentation firewalls.

As machine learning, AI, and robust threat intelligence become more commonplace among security solutions, having an integrated security architecture in place will be necessary to leverage the insights from these tools. It can be resource intensive to make this intelligence actionable, which is why financial services firms must focus on building a security architecture that allows for the automated analysis and distribution of actionable threat intelligence across an integrated system of security solutions. Once this intelligence has been deployed locally, the next step is to share it across the industry to ensure security solutions can be prepared to detect new and evolving threats for the entire connected industry.

Let’s get a conversation going on Twitter! How does your organization process and act upon threat intelligence?