Secure Financial Data by Weaving a Web of Deception


Today's technically superior and incredibly well-funded hackers aren't impeded by breach prevention and traditional security solutions used in financial services organizations, but by using advanced and field-proven deception-based technology, financial firms can go on the offensive—taking the fight to the hackers until they are shut down, the author writes.

By Yoel Knoll

Yoel Knoll is the vice president of marketing at TopSpin Security Inc.

Today's technically superior and incredibly well-funded hackers are not impeded by breach prevention and traditional security solutions used in financial services organizations. Security professionals have accepted that no matter how hard their teams try, it is nearly impossible to keep hackers out of a financial firm's network.

Industry research supports these presumptions. Financial services is an attractive and lucrative target for attackers. According to research by the Ponemon Institute, last year within financial services, 83 percent of organizations experienced more than 50 attacks per month.

Although sophisticated perimeter-based solutions are still the mainstay of financial organizations' security efforts, firms are turning attention and resources away from trying to keep hackers out and toward simply ensuring that all data is safe from intruders. Doing so involves preparing proactive security plans for the inevitable presence of hackers in the network. And in today's complex security climate, more financial organizations are choosing deception solutions as an approach to meet these challenges.

How can financial firms leverage deception-based network security to keep sensitive data safe? Here are three basic steps:

1. Build Offensive Security Postures

To keep financial and client data safe, an intruder must not be able to gain access to any real private information. That sounds obvious, but what is not so clear is how to accomplish this goal. Financial firms should choose a deception solution that enables them to go on the offensive. This means actively hunting attackers, leading them into decoys, and preventing them from reaching actual company data.

Advanced deception systems also provide useful data about the attackers, proactively developing intelligence to find their command and control systems and to understand how the connection is established and which protocols are being used. The threat intelligence and visibility generated by drawing the attacker in, rather than simply attempting to repulse the attack, enables teams to understand the goals of the attacker, preventing not only the current single attack but also future attacks.

2. Correctly Place Traps

To keep data safe, traps need to be placed correctly in the financial network. Deception solutions with smart monitoring and analysis of the network traffic allow organizations to profile their assets and create an accurate model of their network. Then, they can overlay the network with a deception layer that fits their unique characteristics. There must be enough traps deployed for a hacker to trigger, and enough relevant decoys that look appealing and realistic. For example:

  •  an asset that appears to be an organization's server, but is really an emulated service made to lure and trap the attacker;
  •  a network device that appears to be a camera or a printer, but is really a decoy;
  •  an asset that appears to be running tools known to be prone to security issues, but instead confuses an attacker;
  •  a password hidden in an e-mail that, when used, attracts the attention of defenders;
  •  cookies directing the attacker to a URL which is in fact an internal web site.

In addition, deception technology must be able to actively adjust itself to changing financial network environments, moving decoys and setting traps automatically as networks evolve. This can be achieved only by constantly monitoring network traffic to adjust to changing networks and protect new assets that are introduced.

3. Weave Your Web of Deception

With correctly and strategically placed traps and decoys, hackers find themselves looking for financial information in decoys, literally stuck in a false network of fake information. Unknowingly caught in a web of deception, the hacker never fully accesses the real network.

The longer hackers need to look for information, the more time the organization has to stop them and ensure the security of their data. Moreover, in keeping with the concept of an offensive security posture, the longer a hacker engages with a decoy system, the more information can be gathered about the attack, its targets and even its origin. Then, according to the financial firm's incident response and remediation program, teams can take actions such as isolating the infected asset, blocking internet protocol addresses utilized by the attackers and deleting or disabling the process used to launch the attack.
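As an added illustration (not code from the author or from any deception product), the sketch below shows the kind of trigger logic that the trap list in step 2 and the dwell-time point above imply: any contact with a decoy asset or planted credential is flagged, and the time a source spends among decoys is measured. The log format, addresses and account name are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed inventory; names and addresses are hypothetical.
DECOY_HOSTS = {"10.20.0.50": "emulated file server", "10.20.0.77": "decoy printer"}
HONEYTOKEN_USERS = {"svc_backup_adm"}  # credential planted in an e-mail

# Constructed log format: "<ISO time> src=<ip> dst=<ip> user=<name> result=<ok|fail>"
LINE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) user=(\S+) result=(\w+)$")

SAMPLE_LOG = """\
2016-05-01T09:00:00 src=10.1.4.12 dst=10.1.9.5 user=jdoe result=ok
2016-05-01T09:02:10 src=10.1.4.33 dst=10.20.0.77 user=- result=fail
2016-05-01T09:03:00 src=10.1.4.33 dst=10.1.9.5 user=svc_backup_adm result=fail
2016-05-01T09:10:40 src=10.1.4.33 dst=10.20.0.50 user=svc_backup_adm result=ok
garbage line
"""

def find_decoy_hits(log_text):
    """Return {src_ip: [(time, reason), ...]} for every decoy interaction."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash
        ts, src, dst, user, _result = m.groups()
        when = datetime.fromisoformat(ts)
        # No legitimate user has a reason to touch a decoy, so any contact
        # counts, whether or not the login succeeded.
        if dst in DECOY_HOSTS:
            hits[src].append((when, f"touched {DECOY_HOSTS[dst]} {dst}"))
        if user in HONEYTOKEN_USERS:
            hits[src].append((when, f"used honeytoken account {user}"))
    return dict(hits)

def summarize(hits):
    """Per source: trigger count and seconds between first and last trigger."""
    report = {}
    for src, events in hits.items():
        times = [t for t, _ in events]
        dwell = int((max(times) - min(times)).total_seconds())
        report[src] = {"triggers": len(events), "dwell_seconds": dwell,
                       "reasons": [r for _, r in events]}
    return report

if __name__ == "__main__":
    for src, info in summarize(find_decoy_hits(SAMPLE_LOG)).items():
        print(src, info)
```

The per-source report is the input an incident response team would use to decide which asset to isolate and which addresses to block.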

The Bottom Line

Accepting the futility of prevention-based and traditional defense in financial services is the first step to data security. And once financial organizations agree that hackers will get in, the question is: Do we act or react? By using advanced and field-proven deception-based technology, financial firms can go on the offensive—taking the fight to the hackers until they are shut down.

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.
