Overview
- The CTI team of a leading North American financial institution with over $200 billion in assets struggled to effectively monitor for external threats
- Too much noise and the need for labor-intensive manual investigation bogged down analysts
- Flare exceeded expectations by delivering increased productivity, optimized reaction time, and threat landscape insights to boost security (reducing the time to detect a security compromise from 192 days to minutes)
How can a CTI team thoroughly and quickly monitor the billions of leaked credentials on the dark web?
The CTI team of a major North American bank had three main pain points: 1) preventing day-to-day cyber fraud, 2) gaining better insight into critical threats, and 3) immediately optimizing the team’s resources.
This success story outlines how, by adopting Flare, the bank:
- Enhanced dark web monitoring and coverage through (user-friendly) automation
- Created a safety net with instant notifications regarding events affecting the company
- Identified and remediated threats and potential data leaks in real-time
The Challenges
Volume of Data Collected was Too Much to Comb Through
Day-to-day fraud generated too much noise: a large number of malicious actors were involved, each stealing small amounts at a time. The CTI team could build intelligence only on a small subset of these cases. As a result, day-to-day fraud cases went unnoticed for far too long, and the team couldn’t respond effectively.
The CTI team had to manually investigate hundreds of thousands of web pages per week. In addition, they had difficulty linking malicious actions across multiple platforms or drawing a holistic picture of external threats.
Other data sources, such as IOC feeds, could be integrated directly into their existing threat intelligence platform. Manual investigation of a couple of websites, by contrast, took up significant resources. However, this process was crucial to continue gaining additional actionable intelligence on ongoing criminal activity.
The previous approach to juggling these various efforts was not efficient, and the CTI team searched for a tool that could support their work.
How Flare Helped
Flare slashed the mean time to identify (MTTI) from days to minutes, which drastically improved the bank’s ability to rapidly detect threats and potential incidents across the dark and clear web.
Specifically for day-to-day fraud, Flare identified high-risk exposure that malicious actors could exploit: customer accounts at risk of fraud, employee and customer credentials that could be used for account takeover, and accidental data leaks resulting from human error. By extracting actionable intelligence from billions of data points, the CTI team focused their time on the most critical issues and reduced the time to detect a security compromise from 192 days to a few minutes.
The CTI team gained a greater understanding of the threat actor landscape with Flare’s wide coverage and linking of malicious actors’ communication and activities across different platforms (even when they used different usernames to hide their tracks).
Some other benefits include:
- Expand dark web monitoring and coverage through automation
- Receive notifications in real time from an identifier-based alert system
- Set up custom alerts in minutes
- Use the platform’s search functionality to investigate illicit markets and websites such as GitHub
- Onboard analysts onto the platform in a few hours, with no integration required for adoption
The CISO of the bank stated, “Flare enables us to react quickly when threats are publicized. It helps us protect our brand and financial resources from data breaches.”
Flare’s platform exceeded expectations by delivering increased productivity, optimized reaction time, and boosted security through greater tailored threat landscape insights.