“Thanks to Flare’s intelligence, we efficiently contained a threat actor who discovered two vulnerabilities in our MFA setup. We were able to act quickly and prevent a potential serious incident.”
– CISO, Leading Bank
The Customer
- Over $250B in assets
The Challenges
The major bank's security team was looking to better understand and prevent day-to-day cyber fraud, gain clearer insight into critical threats and mitigate them immediately, and optimize the team's time and resources.
Day-to-Day Fraud
The security team needed to identify sources of day-to-day fraud that went unnoticed for too long. Unfortunately, they were only able to build intelligence on a limited subset of cases. A large number of threat actors stole small amounts in each fraud, which generated too much noise for the security team to handle on their own.
Coverage, Time, and Resources
The security team wanted to perform CTI activities without missing any critical information, and to correlate intelligence found on multiple platforms. The team struggled to handle the volume of data it collected from various sources, which could range into the hundreds of thousands of web pages per week. It was also unable to link the activities of malicious actors across multiple platforms or draw an accurate picture of external threats.
Manual Reporting Process
Compared with other data sources such as IOC feeds, which can be directly integrated within their threat intelligence platform, the manual investigation of just a couple of websites could use up significant resources. The security team knew that monitoring events on dark web platforms was critical in getting additional actionable intelligence reporting. Even though it was already monitoring multiple websites, keeping track of ongoing activity was challenging, mostly because it relied on manual work. The process had to be handled while working with incident response teams, focusing on specific breaches and analyzing threats.
The Impact and Benefits
“Flare enables us to react quickly when threats are publicized. It helps us protect our brand and financial resources from data breaches.”
– CISO, Leading Bank
The bank’s security team implemented Flare not only to enhance dark web monitoring and expand coverage through automation, but also to gain a comprehensive view of external threats on both the clear & dark web. The identifier-based alert system delivers notifications in real time on potential threats. The bank’s security team also benefits from the platform’s search functionality to investigate illicit markets and websites, as well as GitHub leaks. Analysts onboarded onto Flare in a few hours, and the adoption required no integration. The bank’s employees were able to set up custom alerts in minutes, and they did not have to share any internal or customer confidential information to receive tailored, actionable alerts on their external threats.
Flare exceeded this financial institution’s expectations by delivering increased productivity, an optimized reaction time, and threat landscape insights to boost security.
- Enhanced coverage: Flare monitors an extensive number of illicit forums and markets on the clear & dark web and Telegram channels.
- Intuitive insights into potential threats: The security team tracks malicious actors’ communication and activities across different sources, even when the actors use different usernames to hide their tracks. This provides the security team with an improved ranking of the most serious external risks.
- The security team gained instant visibility and automated immediate alerts of relevant threats. The Mean Time to Identify security issues plummeted from days to minutes. Therefore, the security team greatly improved its cyber hygiene and security posture, reducing risks.
Preventing a Possibly Costly Breach from an Exploited Bug
When a threat actor published an ad selling a method to bypass the security questions used to validate a client’s identity when logging in to the online banking platform, Flare alerted the security team immediately.
The security team identified and fixed the vulnerability exploited by the threat actor to gain access to customers’ accounts. Three days later, the same threat actor posted an updated ad with a new working method.
Flare once again alerted the security team, which launched a second round of review to identify and fix the new bug. Afterwards, the threat actor removed the ad, and the security team confirmed they fixed the bug.
Through Threat Exposure Management, security teams with Flare stay ahead of threats, react quickly, and protect their assets better.