How security professionals in financial services can more effectively monitor endpoints to help them find and remediate threats.

In some ways, enterprise security can resemble a true crime television series in which detectives seek out clues and meticulously piece them together to identify and catch the bad guys.

This works as a metaphor for the traditional approach to endpoint security. Security professionals monitor endpoints looking for anomalies and clues that will help them find and remediate threats. 

For the financial services industry especially, detecting malicious actors has never been more important: The 2019 Verizon DBIR shows us that 71% of breaches were financially motivated, and it’s no secret that financial data is one of the most attractive targets for hackers. 

Cyberattacks in the financial services sector have grown by a staggering 80% between 2016 and 2017, resulting in a 57% rise in the cost of cyber-attacks for these financial firms. Accenture estimates an average loss of $18 million per year at financial services institutions. Compliance costs and risks are also growing with data protection regulations like the European General Protection Regulation (GDPR).  

However, while it is still critical to be able to quickly detect a breach, isolate the incident and take the correct remedial action, these talents are no longer sufficient.

We need bidirectional endpoint security

The language of a breach may seem to be taken directly from an espionage thriller, with language like threat vectors, kill chains, command-and-control and ex filtration in common usage.

However, this is not the plot of the newest movie blockbuster, but a reality of today’s enterprises that face damaging and long-term effects from undetected security breaches. 

With almost 20% of consumers and organizations unaware that they have been breached, a cycle of ambivalence is repeated where personal information and digital identities remain unprotected and exposed to malicious hackers. This is a likely consequence to challenges that security teams face today, in which they are drowning in an overwhelming number of endpoints, whether they be PCs, laptops, server, tablets or smartphones. Almost 45% of security teams are managing 5,000 to 500,000 separate endpoints, making it difficult to secure all of them properly.

In addition, the nature of threats continues to morph. Along with malware, enterprises have to deal with the likes of injection attacks, rootkits, DNS attacks and zero-day exploits. It has been a long time since a corporate firewall was enough to protect networks. Now, we need to rely on a wide range of capabilities including malware detection, user and endpoint behavior analysis, system memory analysis and sandboxing, where security professionals can safely run a suspicious app or file away from any corporate network.

In order to address the changing threat landscape, we need to change our thinking and capabilities for endpoint security. Previously, security teams focused on what happens to the right of the endpoint—the effects of a breach within a corporate network. Today, we have to include what happens to the left—what the attackers are doing and how they are doing it.

Virtues of active 360° threat detection

Security teams within the financial sector have to move beyond the detection and remediation of breaches that have already occurred and to be able to address active breaches as they happen. Adding active breach detection to the digital forensic and incident response (DFIR) capabilities within endpoint protection platforms will provide a comprehensive end-to-end threat detection and resolution.

This will give teams the capability to instantly identify and report breach signals like lateral movement through their systems, command-and-control, malware installation and data exfiltration. With this, they will be able to orchestrate and automate incident response with threat-soaring, validation, tracking and quick remediation. Advanced detection solutions with a 360-degree approach will introduce active breach detection at scale. 

Regardless whether a security professional is managing 5,000 or 500,000 endpoints, this approach will grant full visibility and if a breach does occur, the forensic work doesn’t have to concentrate on a small number of endpoints but can include every endpoint on the network.

Early endpoint detection eases your compliance risk

With an increasing number of customers worried about data privacy and sharing, new data protection regulations are also beginning to bite across the globe. Perhaps the highest profile is the GDPR legislation in Europe that affects any company with customers in the European Union. EU regulators have promised to impose huge fines for companies that do not properly protect the personal data they hold and that is exactly how things are turning out.

For example, late last year, Tesco Bank in the UK was fined $21.7 million for failing to protect the details of current account holders. By implementing 360-degree threat detection, financial services companies can detect active breaches early and be proactive before breaches cause any damage or expose personal data. 

Rather than just alerting users about an attack that has just taken place, the all-round approach will allow teams to block the process and learn from an attacker’s behavior to prepare for future threats. This will result in being able to put a stop to the problem before it reaches a level no one wants to get to: having to notify the authorities and your customers that an incident has occurred. 

As the threats attacking financial services institutions become more complex and endlessly iterative, it is important that endpoint security programs evolve to not only meet these threats, but to also take advantage of the increased data and insights we procure.

This is even more important in sectors that are not only highly targeted, but also involve protecting thousands of endpoints. Ensuring teams are empowered to address active breaches as they happen is a key step in continuously improving the cybersecurity posture of businesses in key industries.