As Illusive’s R&D leader, it’s part of my job to be out front understanding the needs of our customers and the broader market. We’re always polling the market to understand what additional pain points deception technology can address. Conversations with our financial services customers this past year turned over a need we hadn’t expected: Can you protect my mainframes?
The risk of an Advanced Persistent Threat (APT)—the possibility of an advanced cyber attacker moving under cover in an enterprise network—keeps CISOs awake at night. But it's making more C-level executives and their board members restless, too, because of the potentially massive damage advanced attacks can cause to business reputations, critical systems, data manipulated or stolen and operations compromised. Boards and senior execs are demanding better accountability and assurances that their organizations are adequately protected.
For multinational banks and other financial services companies, one of the biggest barriers to better security is pure scale. In large environments, where endpoints number in the tens or hundreds of thousands, how can you keep attackers out 7x24x365?
Deception can play a powerful, multifaceted role in helping financial services organizations protect their crown jewels. Our recent post, By Detecting Lateral Movements, Banks Can Get Ahead of Fraud and APTs (Aug. 21, 2017) described how deception is used to combat fraud. In this post, we’ll look at how deception can play a strategic role in defeating insider threats.
Most people in cybersecurity are familiar with the Black Hat conference. But whether you know about Black Hat Arsenal depends on how involved you are in the bits and bytes of information security. Some regard Arsenal as one of the best features of the conference. According to the web site, Arsenal allows “independent researchers and the open source community [to] showcase their latest open-source tools and products” in a relaxed, demo-style setting.
In 2016, the wire transfer fraud attack on Bangladesh Bank commanded huge headlines and resulted in cyber criminals stealing a whopping $81 million. It could have been worse; the massive “take” was interrupted not by IT security technologies, but by human vigilance. A watchful employee saw a spelling error in a transfer message and alerted an investigation team.