Advanced Threat Protection: Keeping Financial Institutions' Data Safe With online and mobile banking taking over the financial services industry, it’s becoming increasingly difficult for financial institutions to defend themselves from all of the data threats out there. As a result, financial institutions are searching for new technologies and methods to keep client data safe and protected. In fact, IDC predicts that IT spending worldwide will grow from $2.4 trillion to $2.7 trillion over the next three years, and financial institutions will be the main contributor to this increase. As more and more financial institutions expand their IT budget, it’s important they know what options they can implement to increase security and protect financial data. One of the best ways to do that is through Advanced Threat Protection (ATP). What is ATP? ATP is a combination of different security solutions designed to prevent cyberattacks, malware, and hackers from stealing private and sensitive data. There are some differences in ATP solutions, depending on the company, but the most common solutions include: Network devices. Email gateways. Centralized management platform. Malware protection. Endpoint agents. How Does ATP Work? The following is taken from a Fortinet article titled, “How Advanced Threat Protection Can Help Protect Financial Data.” Prevent One of the best ways to defend against malware and other prominent threats in the financial services industry is to limit the surface area while controlling access to valuable data up front. Organizations should only grant access to those that truly need it, and be sure to validate any and all devices that are granted network access. Next, advanced threat protection frameworks utilize technologies like anti-phishing, antivirus, and application control to prevent breaches. Antivirus solutions may be the most critical to ATP as it’s common to all components of the framework. Powerful ATP solutions also feature signature detection technology that can identify mutated variants of traditional signatures to better detect malware. With this capability, they’re able to catch thousands of new variants and stop them in their tracks in real time, whether the threat originates via email, file transfer, or web browsing. Detect Gone are the days of predictable attack methods. The cyber criminals targeting the financial services industry today are smart, and they’re finding new and unique ways to get into the financial services network. For this reason, organizations need to have a framework in place that can detect brand new threats and add them to the shared intelligence database. ATP frameworks typically utilize sandboxing as a way to test unknown items in a secured environment and analyze how they behave. Thanks to this method, IT teams are able to turn previously unknown items into known threats before they become an issue. If an item is deemed to be malicious it is passed along to other parts of the ATP framework, and the resulting threat intelligence is passed along to other products. Mitigate After a threat has been identified, it’s important for it to be immediately mitigated. Advanced threat protection solutions can automatically handle threats by sharing intelligence between prevention and detection products. They can also be handled via “assisted mitigation,” which is a combination of technology and people working together as a cohesive unit. Once malware has been detected, a three-step process comes into play to successfully mitigate: Containment: Today’s network “perimeter” is very hard to define because of the cloud and IoT. With an ATP framework, organizations can segment networks based on criteria like user identity, device type, and location. With this strategy, the movement of an attack is limited and the likelihood of it impacting other parts of the network is greatly reduced. Analysis: When a breach occurs, the malware needs to be analyzed and added to all systems so it becomes a known entity. Memory: After the malware has been added to the systems, it’s then stored and fed back to all other products as a critical update. Why is ATP Needed? Symantec reports that a financial company that is attacked once is very likely to be attacked again. In fact, every large organization that was attacked had a total of 3.6 successful attacks. The report went on to say that cyberattacks are on the rise, especially for businesses with less than 250 employees. This shows that hackers are targeting organizations of all sizes, not just large ones. As cyberattacks continue to increase, cybersecurity and solutions like ATP are becoming even more essential for financial institutions that want to bolster security efforts and minimize risk. Would your financial institution benefit from a solution like ATP? Rob Griffith Rob Griffith is an Account Executive for Aureon, focusing his attention to the Aureon Technology business unit. Over the past 8 years Rob has worked exclusively with small to midsize businesses with an emphasis on the banking vertical. His focus has been helping companies with data center strategy, security and compliance.