Excerpts from Modern Bank Heists – Data Gathering

Tom Kellermann, Rick McElroy
July 5, 2018

Carbon Black recently published Modern Bank Heists, a report on cyberattacks and lateral movement in the financial sector. This excerpt covers the data an institution needs to gather to improve its security posture. For more information about how Cb Defense, Carbon Black’s NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo, every Wednesday at 2PM EST (11AM PST).

Modern Bank Heists

Cyberattacks & Lateral Movements in the Financial Sector

Data Gathering

Given these trends, modernizing defense in depth is imperative to preserve a high-functioning cybersecurity posture. Financial institutions’ dependence on internet-based platforms has dramatically increased the industry’s exposure to reputational, market and operational risk. For many of these institutions the major gaps are visibility and time to detection. This is particularly troubling because those gaps are exactly what an attacker relies on to move laterally within the enterprise after the initial breach.

Financial institutions should aim to improve situational awareness and visibility into advanced attacker movement post breach. This must be accompanied by a tactical shift in emphasis from prevention to detection: the growing attack surface, coupled with the use of advanced tactics, has allowed attackers to operate unseen for long periods. Reducing dwell time (the interval between initial compromise and detection) is the true return on investment for any cybersecurity program.

Data Required to Curb Attacker Lateral Movement

Financial institutions must have five sets of data specific to lateral movement in order to close this gap and reduce risk through rapid detection and response (this begins and ends on the endpoint):

  • High-fidelity telemetry that discerns when adversaries are active on the network and on devices.
  • Lateral movement telemetry correlated with other sensors, such as egress monitoring, so that internal movement can be tied to the external channel that drives it.
  • A comprehensive near-real-time “sight picture” of attacker behavior covering both internal movement and external command-and-control channels.
  • Rapid acquisition and automated analysis of attacker tools and indicators of compromise, vetted and communicated to existing control mechanisms through integrated workflows for automated response and defense.
  • Predictive analytics that anticipate cybercriminals’ next moves.
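The correlation the first three items describe (endpoint logon and process telemetry joined with egress monitoring into a per-host “sight picture”) can be sketched in a few functions. This is an added example, not code from the report or from Cb Defense; the event schema, the hostnames, the remote-execution parent process names and the internal address ranges are all assumptions, and the sample events are constructed for illustration.

```python
"""Build a per-host lateral-movement "sight picture" from endpoint + egress telemetry.

Added example (not Carbon Black's code). Event schema and sample events are constructed.
"""
import ipaddress
import statistics
from collections import defaultdict

# Windows logon types that indicate a remote logon: 3 = network, 10 = RemoteInteractive.
REMOTE_LOGON_TYPES = {3, 10}
# Assumption: parent processes typical of remote-execution tooling (PsExec, WMI, WinRM).
REMOTE_EXEC_PARENTS = {"psexesvc.exe", "wmiprvse.exe", "wsmprovhost.exe"}
# Assumption: the enterprise's internal ranges (RFC 1918). Anything else counts as egress.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def lateral_edges(endpoint_events):
    """Return (src_host, dst_host, ts) for remote logons originating inside the network."""
    return [(ev["src_host"], ev["host"], ev["ts"]) for ev in endpoint_events
            if ev["type"] == "logon" and ev["logon_type"] in REMOTE_LOGON_TYPES
            and is_internal(ev["src_ip"])]


def remote_exec_events(endpoint_events):
    """Return (host, parent, child, ts) where a remote-exec service spawned a child process."""
    return [(ev["host"], ev["parent"], ev["image"], ev["ts"]) for ev in endpoint_events
            if ev["type"] == "process" and ev["parent"].lower() in REMOTE_EXEC_PARENTS]


def beacons(egress_events, min_conns=4, max_jitter=0.15):
    """Flag (host, dst_ip, period) pairs with regular-interval connections to external addresses."""
    by_pair = defaultdict(list)
    for ev in egress_events:
        if not is_internal(ev["dst_ip"]):
            by_pair[(ev["host"], ev["dst_ip"])].append(ev["ts"])
    found = []
    for (host, dst), stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = float(statistics.mean(gaps))
        # Low relative jitter between connections is the beaconing signal.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            found.append((host, dst, round(mean, 1)))
    return found


def sight_picture(endpoint_events, egress_events):
    """Per-host summary: inbound/outbound lateral movement, remote exec, C2-like egress, and a score."""
    pic = defaultdict(lambda: {"inbound_from": set(), "outbound_to": set(),
                               "remote_exec": [], "beacons": [], "score": 0})
    for src, dst, _ in lateral_edges(endpoint_events):
        pic[dst]["inbound_from"].add(src)
        pic[src]["outbound_to"].add(dst)
    for host, parent, child, _ in remote_exec_events(endpoint_events):
        pic[host]["remote_exec"].append(f"{parent} -> {child}")
    for host, dst, period in beacons(egress_events):
        pic[host]["beacons"].append((dst, period))
    for p in pic.values():
        # A pivot host (inbound AND outbound) gets a bonus; a C2 channel weighs double.
        pivot = bool(p["inbound_from"]) and bool(p["outbound_to"])
        p["score"] = (bool(p["inbound_from"]) + bool(p["outbound_to"]) + bool(p["remote_exec"])
                      + 2 * bool(p["beacons"]) + pivot)
    return dict(pic)


def ranked(picture):
    """Hosts ordered by score, highest first: the triage order for responders."""
    return sorted(((h, p["score"]) for h, p in picture.items()), key=lambda x: (-x[1], x[0]))


# Constructed sample telemetry: WS-HR-03 is the foothold (beaconing out), pivots to
# WS-FIN-07 via PsExec, which then logs on to SRV-SWIFT-01. WS-HR-05 is benign noise.
ENDPOINT_EVENTS = [
    {"ts": 1000, "host": "WS-HR-03", "type": "logon", "logon_type": 2, "src_host": "WS-HR-03", "src_ip": "10.1.2.3"},
    {"ts": 1300, "host": "WS-FIN-07", "type": "logon", "logon_type": 3, "src_host": "WS-HR-03", "src_ip": "10.1.2.3"},
    {"ts": 1305, "host": "WS-FIN-07", "type": "process", "parent": "PSEXESVC.exe", "image": "cmd.exe"},
    {"ts": 1900, "host": "SRV-SWIFT-01", "type": "logon", "logon_type": 10, "src_host": "WS-FIN-07", "src_ip": "10.1.5.7"},
    {"ts": 2000, "host": "WS-HR-05", "type": "process", "parent": "explorer.exe", "image": "outlook.exe"},
]
EGRESS_EVENTS = [
    *({"ts": 900 + 60 * i, "host": "WS-HR-03", "dst_ip": "203.0.113.10"} for i in range(6)),  # 60 s beacon
    {"ts": 950, "host": "WS-HR-05", "dst_ip": "203.0.113.20"},
    {"ts": 1010, "host": "WS-HR-05", "dst_ip": "203.0.113.20"},
    {"ts": 1500, "host": "WS-HR-05", "dst_ip": "203.0.113.20"},
    {"ts": 1520, "host": "WS-HR-05", "dst_ip": "203.0.113.20"},
    {"ts": 1300, "host": "WS-FIN-07", "dst_ip": "10.1.9.9"},  # internal, not egress
]

if __name__ == "__main__":
    for host, score in ranked(sight_picture(ENDPOINT_EVENTS, EGRESS_EVENTS)):
        print(host, score)
```

The pivot host (WS-FIN-07) ranks first because it is both the target and the source of remote logons and shows remote-execution tooling, while the foothold (WS-HR-03) is identified by the external beacon it sustains; the benign host never enters the picture because its egress is irregular and it neither receives nor initiates remote logons. Feeding this score back to existing controls (isolation, credential reset) is the automated-response loop the fourth item describes.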

Thanks for joining us as we explored “Modern Bank Heists,” our report on the changing landscape of cybercrime in the financial sector and how to arm your institution against a breach. The full report is available from Carbon Black. Join us next week as we continue to profile this report.

TAGS: endpoint security / Excerpts / incident response / threat research