Organizations in the finance industry are constantly at risk of being victims of a data breach, from both the inside and outside. Due to the potential financial value of the data held in these organizations, it’s important that IT teams stay up to date with new technologies that could help in the fight against data breaches. Below I’ve briefly outlined eight technologies which could help you bolster the security of your IT environment.
1. Remote Browser
A remote browser works by isolating a user’s browsing session from the network/endpoints to prevent browser-based malware attacks. Each time a user initiates a browsing session or opens a tab/URL, the server session is reset to a known good state.
2. Deception Technologies
Deception technologies work by setting up traps (honeypots) that imitate valuable assets. They can imitate files, folders, applications, databases, servers, endpoints, and the network itself. When the attacker attempts to access one of these assets, an alarm will go off, thus indicating that a breach may have occurred. Deception technologies are becoming increasingly popular in the financial services sector.
3. Endpoint Detection and Response (EDR)
EDR solutions monitor endpoints for indications of suspicious behaviour. For example, IBM Trusteer Rapport, used by HSBC, NatWest, and many more, is an advanced EDR which offers:
- Automatic Phishing Detection and Protection
- Financial Malware Protection
- Endpoint Malware Remediation
- Global Threat Intelligence Service
- Protection From New Phishing Tactics
4. Network Traffic Analysis (NTA)
NTA solutions monitor network traffic, including flows, connections, objects and packets, to help identify suspicious behaviour. They can scan entire networks to identify software vulnerabilities, unpatched or unlicensed applications, as well as provide alerting, event handling and reporting.
5. Event Detection and Reporting
Solutions such as LepideAuditor enable institutions to detect, alert on and respond to suspicious events. Such events include changes made to privileged security groups, critical files and folders, account modifications and deletions, privileged mailbox access and other objects. Additionally, you can detect and manage inactive user accounts, and automate the process of reminding users to reset passwords. LepideAuditor is capable of generating over 300 pre-set reports, which can help satisfy regulatory compliance requirements.
6. Microsegmentation
Microsegmentation is a technology that splits data into logical segments, which serves to prevent attackers from being able to easily move laterally across the network.
7. Software-Defined Perimeters (SDP)
SDP is a security framework that ensures all endpoints must be authenticated and authorized (via a cloud service) before they can access certain parts of the infrastructure. Until a device has been authorized, certain parts of the infrastructure will be completely hidden. SDP can help mitigate the most common network-based attacks.
8. Threshold Alerting
Ransomware attacks are becoming increasingly frequent, sophisticated and severe. The problem with ransomware attacks is that they are very hard to prevent. After all, if a naive user decides to download a malicious email attachment, what can we do to stop them? This is where threshold alerting comes into play. Threshold alerting doesn’t prevent an attack from occurring, but instead spots it and stops it in its tracks before it can spread and cause more damage. Threshold alerting works by detecting anomalous events that match a pre-defined threshold. For example, if X number of Y events occur during Z period of time, you can automatically execute your own custom script that may do the following:
- Stop a specific process
- Disable a user account
- Change the Firewall settings
- Shut down the entire server
Custom scripts can perform the above and many other preventive actions.
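The "X events of type Y within Z time" rule can be sketched as a per-user sliding window. This is an added example, not code from the original article or from any product it names; the event names, users, the 5-in-60-seconds threshold and the `respond` callback (standing in for the custom script) are assumptions, and the audit events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class ThresholdAlert:
    """Trip when `limit` (X) events of `event_type` (Y) by one user fall within `window` (Z)."""

    def __init__(self, event_type, limit, window, respond):
        self.event_type, self.limit, self.window = event_type, limit, window
        self.respond = respond                # callback standing in for the custom script
        self.recent = defaultdict(deque)      # user -> timestamps still inside the window
        self.tripped = set()                  # users already handled, so we respond once

    def observe(self, ts, user, event_type):
        """Feed one event in time order; return True if it tripped the threshold."""
        if event_type != self.event_type or user in self.tripped:
            return False
        q = self.recent[user]
        q.append(ts)
        while ts - q[0] > self.window:        # slide the window: drop events older than Z
            q.popleft()
        if len(q) < self.limit:
            return False
        self.tripped.add(user)
        self.respond(user, len(q), q[0], ts)
        return True

def sample_events():
    """Constructed audit events: (timestamp, user, event type)."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    # alice: five modifications spread over 40 minutes (normal work)
    events = [(t0 + timedelta(minutes=10 * i), "alice", "file_modified") for i in range(5)]
    # bob: one read, then eight modifications two seconds apart (bulk-change burst)
    events.append((t0 + timedelta(minutes=5), "bob", "file_read"))
    events += [(t0 + timedelta(minutes=6, seconds=2 * i), "bob", "file_modified") for i in range(8)]
    return sorted(events)

def run_demo():
    actions = []
    def respond(user, count, first, last):
        # A deployment would invoke its own response script here (e.g. disable the account).
        actions.append(("disable_account", user, count, (last - first).total_seconds()))
    alert = ThresholdAlert("file_modified", limit=5, window=timedelta(seconds=60), respond=respond)
    for ts, user, event_type in sample_events():
        alert.observe(ts, user, event_type)
    return actions

if __name__ == "__main__":
    print(run_demo())
```

The same total of five modifications from alice never trips the rule because they are spread beyond the window, which is why Z needs tuning against legitimate bulk jobs such as backups before an automated response is attached.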