FINANCIAL SECTOR USE CASE

USING TARGETED CYBER THREAT INTELLIGENCE TO REDUCE THE LEVEL OF CYBER RISK CHALLENGING A MAJOR BANK

IMPROVE YOUR CYBER THREAT VISIBILITY


SUMMARY

This case study focuses on a large global bank facing a common challenge. The bank will be referred to as RS1 for the purposes of anonymity. The case study explains how RS1 reduced the amount of resource and time spent identifying threats and attacks targeting the bank and its online customers by integrating advanced and relevant threat intelligence.

As a result, the bank became better equipped to protect its own internal infrastructure from attacks and potential threats. The Blueliv Cyber Threat Intelligence Platform (CTIP) also enabled the organization to proactively identify potential and actual attacks targeting colleagues and customers. The Blueliv CTIP enabled the bank to protect its internal infrastructure from attacks and threats as well as identify attacks targeting its online banking customers with just one single solution.

The case study explains the following five key outcomes of RS1’s investment in the Blueliv CTIP:

1. The benefits of acquiring actionable threat intelligence specifically relevant to RS1 and its core cyber security concerns
2. Reduction in the time taken to identify compromised customer accounts
3. Increased efficiency in identifying compromised internal assets
4. More effective use of internal resources to identify external threats
5. Fewer data sources required to process more targeted threat intelligence

INDUSTRY

Financial services

CHALLENGE

Inefficient management of multiple generic threat intelligence sources

BACKGROUND

Despite extensive threat data analysis, RS1 was repeatedly suffering from data breaches targeting the corporate network that the feeds were failing to detect. The bank’s customers and long-established reputation were impacted each time a breach occurred.

SOLUTION

Cloud-based Blueliv Cyber Threat Intelligence Platform configured and deployed within two working days

Results generated immediately after setup process complete

Coverage of a wider range of cyber threats obtained by using multiple threat intelligence modules

RESULTS

Incident response times reduced

Fewer resources required to manage and action cyber threat intelligence data

Faster detection of unknown internal breaches and compromised customer accounts

Enhanced intelligence delivered at a lower unit cost


CHALLENGE

Historically, the bank was using multiple vendors and threat data feeds to try to meet the needs of multiple internal stakeholders. This caused a number of additional complexities because the intelligence from these different vendors was owned and managed in silos. Vital links between the various intelligence sources were being overlooked. Furthermore, Incident Response and Threat Intelligence Analyst teams were working in isolation and lacked the processes required to share and correlate intelligence across teams globally. Individuals were managing different sets of vendor data within teams, causing further fragmentation.

An equally important stumbling block for RS1 was that much of the data supplied by their existing vendors was generic and unfiltered, leaving RS1 blind to the cyber threats targeting the brand and its internal network infrastructure. The business was unable to qualify the level of protection applied to the organization’s information assets, colleagues and customers and therefore the resilience of their overall cyber security strategy. The ROI from the acquisition of multiple feeds was unclear and beginning to influence future cyber security budget decisions.

BACKGROUND

Throughout 2015, the bank acquired a significant amount of generic intelligence data from multiple sources. Despite extensive threat data analysis, RS1 was repeatedly suffering from data breaches targeting the corporate network that the feeds were failing to detect. The bank’s customers and long-established reputation were impacted each time a breach occurred.

The bank was also struggling to manage multiple vendors, none of which were offering a more holistic solution. RS1 was particularly challenged in its ability to respond to an increasingly wide range of threats targeting the financial sector. This disjointed intelligence gathering operation meant existing security measures were not enough to prevent attacks.


SOLUTION

RS1 selected Blueliv for our unique approach, having conducted thorough market research on a range of threat intelligence tools currently available. The Blueliv CTIP delivered filtered and concise intelligence that identified breaches inside and outside of the corporate network, as well as risks threatening the security of their online banking customers.

The Blueliv platform allowed teams across different locations to view global threat data through a single pane of glass. Disjointed ways of working and siloed operations were significantly reduced in a very short space of time. Resource spread across an international organization structure started to function as one central team, exchanging real-time threat intelligence at a local and global level.

The Blueliv CTIP introduced the ability for RS1 to identify compromised customer accounts, internal accounts and compromised IPs regardless of status or location. RS1 also retrieved intelligence on rogue mobile apps, stolen credit cards and targeted malware threatening their brand assets and reputation. The cloud-based solution meant set-up and integration was a simple process and required no onsite installation.

Automated cyber threat intelligence aggregated by the Blueliv CTIP enabled RS1 to process and analyse a much greater volume of data relevant to the bank. TI Analyst teams saw performance increase and were able to reduce the amount of time spent on manual tasks.

Over the course of 12 months, the client was able to identify and mitigate threats with greater efficiency than in the previous year. Resource was allocated much more effectively, focusing on responding to threats faster. Previously, manual threat data analysis was complex, time-consuming and resource-hungry. This amounted to notable cost savings associated with consolidating fragmented processes into one global source of cyber threat intelligence.

RESULTS

Faster detection of internal breaches and compromised customer accounts led to reduction in incident response times

Fewer resources required to manage and action cyber threat intelligence data

Increased volume and technical capacity of threat intelligence processed

Enhanced intelligence delivered at a lower unit cost


ABOUT BLUELIV

Blueliv is a leading cyber threat intelligence provider with a world-class in-house Labs team. We scour the web, the dark web and the deep internet to deliver fresh, automated and actionable threat intelligence to organizations across multiple industries to protect their networks from the outside in.

Blueliv is committed to thinking differently and doing differently: from the outside in. Our mission is to deliver a solution that shapes the future of cyber security and changes the way we do things, for the better.

BARCELONA – SAN FRANCISCO – LONDON

Get in touch with [email protected] to talk to one of our experts or book a demo.

Our scalable cloud-based platform turns global threat data into actionable intelligence, enabling organizations to save time and resource by improving their incident response performance and empowering their Security Operations team with real-time intelligence. Quantify and qualify malicious attack vectors with our plug and play MRTI feed; delivered in STIX/TAXII standard, integration is easy. Start

cybercrime today.

In 2015 Blueliv achieved ‘Cool Vendor’ status with Gartner and is a 2016 winner of Go Ignite.

Join the Blueliv Threat Exchange Network: www.community.blueliv.com/#!/discover

FOLLOW US: twitter.com/blueliv, linkedin.com/company/blueliv

Copyright © 2017 Blueliv is a Leap in Value Brand. For more information, visit www.blueliv.com