A Layered Approach
IT security should be a financial institution’s top priority. Are you protecting every layer?
Avoid the noise with qualified alerting
Easily run detailed or summarized reports
Know that your devices are always up to date
Machine learning protection
- Situationally block access to any external port. This guards your sensitive data better than relying on the honor system.
- Meet the requirements of the FFIEC, which asks financial institutions to “restrict the use of removable media to authorized personnel” (IT Cybersecurity Handbook).
Advanced Endpoint Protection
- Fileless malware detection – Malware that lives in system memory may not actually be downloaded or installed on the machine. Most traditional anti-malware and anti-virus products work by scanning files on an endpoint. If the malware lives in memory and not as a file on the machine’s hard drive, those solutions are not able to see or analyze the threat.
- Anti-Ransomware - Ransomware is one of the scariest forms of malware. It can make your data unusable, and the attackers then charge a fee to get your data back. It is popular because there is money to be made by infecting computers. Using advanced mechanisms, such as monitoring for common ransomware activities like Volume Shadow Copy manipulation, to identify and stop these types of malware is critical to a good cybersecurity plan.
- "Living off the Land" - More and more attackers are employing a technique known as “Living off the Land,” where they use software already present on the machine to perpetrate their attack. Tools like PowerShell, WScript, and CScript are continually evaluated for nefarious behavior.
- Sandboxing – Suspicious or unknown executable files are sent to the cloud and detonated in a secure environment. Alerts will be generated for files that exhibit malicious behavior, and the files quarantined.
- Root Cause Analysis – Advanced Endpoint Protection continually watches the process, registry, and network activity of endpoints. When Advanced Endpoint Protection identifies malicious activity, the scope of this activity can be seen and evaluated more easily than with traditional antivirus solutions. This may mean the difference between having to declare an incident and identifying a piece of malware that caused no long-term harm to the institution.
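As an added illustration (not the vendor's product logic and not code from this page), the sketch below runs behavior-based checks of the kind the Anti-Ransomware and "Living off the Land" items describe over constructed process-creation events. The event field names, host names, and rule patterns are assumptions chosen for the example.

```python
import re

# Illustrative rules: (process image, command-line pattern). Not exhaustive.
SHADOW_COPY_RULES = [
    ("vssadmin.exe", re.compile(r"\b(delete\s+shadows|resize\s+shadowstorage)\b", re.I)),
    ("wmic.exe", re.compile(r"\bshadowcopy\b.*\bdelete\b", re.I)),
]
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Return the finding names raised by one process-creation event."""
    image, parent = basename(event["image"]), basename(event["parent"])
    findings = []
    # Ransomware commonly removes shadow copies so files cannot be restored.
    if any(image == name and rx.search(event["cmdline"])
           for name, rx in SHADOW_COPY_RULES):
        findings.append("shadow-copy-manipulation")
    # A built-in script host started by an Office application is unusual.
    if image in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
        findings.append("script-host-from-office")
    return findings


def scan(events):
    """Return (host, finding) pairs for every event that raises a finding."""
    return [(e["host"], f) for e in events for f in evaluate(e)]


# Constructed sample events (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    {"host": "TELLER-01", "image": r"C:\Windows\System32\vssadmin.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "IT-ADMIN-03", "image": r"C:\Windows\System32\vssadmin.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin.exe list shadows"},  # routine admin query
    {"host": "LOAN-07", "image": r"C:\Windows\System32\wscript.exe",
     "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": r'wscript.exe "C:\Users\Public\invoice.js"'},
    {"host": "BACKUP-02", "image": r"C:\Windows\System32\powershell.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe Get-ChildItem C:\Reports"},
]

if __name__ == "__main__":
    for host, finding in scan(SAMPLE_EVENTS):
        print(host, finding)
```

The routine `list shadows` query and the interactive PowerShell session raise nothing, which is the difference between matching on behavior and flagging every use of a built-in tool.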
Yes and no. Over the years “anti-virus” has remained the common name among the public, but in the IT world the word was too limiting. Malware, and therefore “anti-malware,” became the more accurate and trendier term. When people use either term, they are typically referring to the same thing. As competition between anti-malware companies increased, each started adding features to differentiate itself. Now many “anti-malware” solutions are moving away from “malware” solutions to endpoint solutions. Features like device control are then added to the anti-malware suite. Therefore “endpoint security” or “endpoint protection” more accurately describes many “anti-virus/malware” solutions these days.
Device control refers to controlling access rights on endpoints (computers, laptops, mobile devices, or tablets that connect to a corporate network) to limit the potential for harm from external media. For example, if a user plugs a USB drive into their work computer, an endpoint security program can disable or limit access to the drive.
A baseline requirement in the FFIEC’s Cybersecurity Assessment Tool (CAT) mandates that “controls are in place to restrict the use of removable media to authorized personnel.” Therefore, all financial institutions need endpoint protection to ensure their data is safe from removable media.
Traditional endpoint protection (anti-malware and anti-virus) solutions relied completely on signatures and heuristics of files accessed by an endpoint. Advanced endpoint protection employs additional tools, such as analyzing processes in memory in the pre-execution stage, to catch what is called fileless malware. Traditional tools are unable to analyze these types of attacks.
Ransomware is a type of malware, or malicious software, designed with the specific intent of encrypting an owner’s data or files and then blocking access to them until a specified sum of money is paid.
The best practice against ransomware is a combination of training and software. Training your end-users to recognize potential attacks and avoid being an unwitting part of a successful breach is important. In addition to user training, installing an anti-ransomware solution will thwart attempts. When the encryption of your data is stopped, the criminals have nothing to hold for ransom.