FINANCIAL SECTOR USE CASE
USING TARGETED CYBER THREAT INTELLIGENCE TO REDUCE THE LEVEL OF CYBER RISK CHALLENGING A MAJOR BANK
IMPROVE YOUR CYBER THREAT VISIBILITY
SUMMARY
This case study focuses on a large global bank facing a common challenge. The bank will be referred to as RS1 for the purposes of anonymity. The case study explains how RS1 reduced the amount of resource and time spent identifying threats and attacks targeting the bank and its online customers by integrating advanced and relevant threat intelligence.
As a result, the bank became better equipped to protect its own internal infrastructure from attacks and potential threats. The Blueliv Cyber Threat Intelligence Platform (CTIP) also enabled the organization to proactively identify potential and actual attacks targeting colleagues and customers. The Blueliv CTIP enabled the bank to protect its internal infrastructure from attacks and threats, as well as identify attacks targeting its online banking customers, with a single solution.
The case study explains the following five key outcomes of RS1’s investment in the Blueliv CTIP:
1. The benefits of acquiring actionable threat intelligence specifically relevant to RS1 and its core cyber security concerns
2. Reduction in the time taken to identify compromised customer accounts
3. Increased efficiency in identifying compromised internal assets
4. More effective use of internal resources to identify external threats
5. Fewer data sources required to process more targeted threat intelligence
INDUSTRY
Financial services
CHALLENGE
Inefficient management of multiple generic threat intelligence sources
BACKGROUND
Despite extensive threat data analysis, RS1 was repeatedly suffering from data breaches targeting the corporate network that the feeds were failing to detect. The bank’s customers and long-established reputation were impacted each time a breach occurred.
SOLUTION
Cloud-based Blueliv Cyber Threat Intelligence Platform configured and deployed within two working days
Results generated immediately after setup process complete
Coverage of a wider range of cyber threats obtained by using multiple threat intelligence modules
RESULTS
Incident response times reduced
Fewer resources required to manage and action cyber threat intelligence data
Faster detection of unknown internal breaches and compromised customer accounts
Enhanced intelligence delivered at a lower unit cost
CHALLENGE
Historically, the bank was using multiple vendors and threat data feeds to try to meet the needs of multiple internal stakeholders. This caused a number of additional complexities because the intelligence from these different vendors was owned and managed in silos. Vital links between the various intelligence sources were being overlooked. Furthermore, Incident Response and Threat Intelligence Analyst teams were working in isolation and lacked the processes required to share and correlate intelligence across teams globally. Individuals were managing different sets of vendor data within teams, causing further fragmentation.
An equally important stumbling block for RS1 was that much of the data supplied by their existing vendors was generic and unfiltered, leaving RS1 blind to the cyber threats targeting the brand and its internal network infrastructure. The business was unable to qualify the level of protection applied to the organization’s information assets, colleagues and customers and therefore the resilience of their overall cyber security strategy. The ROI from the acquisition of multiple feeds was unclear and beginning to influence future cyber security budget decisions.
BACKGROUND
Throughout 2015, the bank acquired a significant amount of generic intelligence data from multiple sources. Despite extensive threat data analysis, RS1 was repeatedly suffering from data breaches targeting the corporate network that the feeds were failing to detect. The bank’s customers and long-established reputation were impacted each time a breach occurred.
The bank was also struggling to manage multiple vendors, none of which were offering a more holistic solution. RS1 was particularly challenged in its ability to respond to an increasingly wide range of threats targeting the financial sector. This disjointed intelligence gathering operation meant existing security measures were not enough to prevent attacks.
SOLUTION
Having conducted thorough market research on the range of threat intelligence tools currently available, RS1 selected Blueliv for our unique approach. The Blueliv CTIP delivered filtered and concise intelligence that identified breaches inside and outside of the corporate network, as well as risks threatening the security of their online banking customers.
The Blueliv platform allowed teams across different locations to view global threat data through a single pane of glass. Disjointed ways of working and siloed operations were significantly reduced in a very short space of time. Resource spread across an international organization structure started to function as one central team, exchanging real-time threat intelligence at a local and global level.
The Blueliv CTIP introduced the ability for RS1 to identify compromised customer accounts, internal accounts and compromised IPs regardless of status or location. RS1 also retrieved intelligence on rogue mobile apps, stolen credit cards and targeted malware threatening their brand assets and reputation. The cloud-based solution meant set-up and integration was a simple process and required no onsite installation.
Automated cyber threat intelligence aggregated by the Blueliv CTIP enabled RS1 to process and analyse a much greater volume of data relevant to the bank. TI Analyst teams saw performance increase and were able to reduce the amount of time spent on manual tasks.
Over the course of 12 months, the client was able to identify and mitigate threats with greater efficiency than in the previous year. Resource was allocated much more effectively, focusing on responding to threats faster. Previously, manual threat data analysis was complex, time-consuming and resource-hungry. This amounted to notable cost savings associated with consolidating fragmented processes into one global source of cyber threat intelligence.
RESULTS
Faster detection of internal breaches and compromised customer accounts led to a reduction in incident response times
Fewer resources required to manage and action cyber threat intelligence data
Increased volume and technical capacity of threat intelligence processed
Enhanced intelligence delivered at a lower unit cost
ABOUT BLUELIV
Blueliv is a leading cyber threat intelligence provider with a world-class in-house Labs team. We scour the web, the dark web and the deep internet to deliver fresh, automated and actionable threat intelligence to organizations across multiple industries to protect their networks from the outside in.
Blueliv is committed to thinking differently and doing differently: from the outside in. Our mission is to deliver a solution that shapes the future of cyber security and changes the way we do things, for the better.
BARCELONA – SAN FRANCISCO – LONDON
Get in touch with [email protected] to talk to one of our experts or book a demo.
Our scalable cloud-based platform turns global threat data into actionable intelligence, enabling organizations to save time and resource by improving their incident response performance and empowering their Security Operations team with real-time intelligence. Quantify and qualify malicious attack vectors with our plug and play MRTI feed; delivered in STIX/TAXII standard, integration is easy. Start
cybercrime today.
In 2015 Blueliv achieved ‘Cool Vendor’ status with Gartner and is a 2016 winner of Go Ignite.
Join the Blueliv Threat Exchange Network: www.community.blueliv.com/#!/discover
FOLLOW US: twitter.com/blueliv, linkedin.com/company/blueliv
Copyright © 2017 Blueliv is a Leap in Value Brand. For more information, visit www.blueliv.com