The client: Financial sector
The current security situation in the financial sector requires a higher degree of protection to prevent not only cyber-attacks, but also banking fraud, phishing and possible vulnerabilities that could jeopardise the systems and information managed by these companies.
Sofistic has about a hundred international financial sector customers, mainly in Latin America, with whom it has implemented a variety of solutions for comprehensive business protection.
Challenges
As main challenges, the sector seeks to improve both internal and external controls, making visible and prioritising all cybersecurity events that may occur in the company, as well as having an extensive analysis of vulnerabilities of the different systems.
The sector has common cybersecurity objectives:
Sofistic methodology
Differential value: We detect and identify vulnerabilities from different perspectives, achieving greater visibility than our competitors. Combining our experience, automation and artificial intelligence support, we help in the mitigation by finding more effective, agile, cost-effective solutions, and with less impact on the bank's operations.
Strategic investment: the cost is lower than the return on investment, our preventive services greatly mitigate the risks faced by the bank.
Solutions and services
SIEM / SOAR: Implementation of solutions that allow the detection of incidents by correlating events from different sources, where it is also possible to automate actions (playbooks) against defined and known patterns of attacks.
Atlantis SOC: Monitoring of threats from the operations centres adapted for this purpose, with a presence on two continents, so that greater efficiency is obtained by avoiding night shifts with low productivity and minimising the risk of loss of service caused by possible catastrophes, massive attacks or meteorological situations by being distributed in two very distant locations.
Artificial Intelligence for visibility and protection: Threat and anomaly detection and prioritisation solutions are proposed using artificial intelligence to analyse behavioural patterns and autonomously provide a first response. Solutions such as Darktrace provide complete visibility of all connected devices and potential risks. To extend this protection to endpoints we use CrowdStrike, which performs AI-supported analysis of behavioural patterns and goes where conventional antivirus cannot. This makes it one of the only systems capable of protecting endpoint devices against the newest threats.
Intrusion tests (Pentest / Ethical hacking): Identification of vulnerabilities (pentesting) which, if exploited, could affect business continuity or lead to fraud.
Anti-fraud:: In line with continuing to protect all infrastructure vulnerabilities, financial institutions need to protect access to their systems via mobile devices, both for employees and customers accessing online banking apps.
Protection of employees' mobile devices: To protect them, we combine Microsoft Intune MDM to control device configurations with UareSAFE to protect these devices from malware and other threats, providing visibility of their security status in a simple way, all without violating end-users' privacy.
Protection of onboarding: One of the biggest challenges for financial institutions has to do with managing user identity by detecting fraudulent access attempts. To this end, different solutions are proposed to establish better access controls with an analysis of user behaviour, some of which are included among the different M365 cybersecurity products, or solutions for user identification through biometrics such as Selphi or SelphID.
IBM Assurance I (AS400): We accompany entities to identify security risks and support the implementation of best security practices, user management and monitoring.
Integration between solutions: SOFISTIC also performs integrations between Darktrace, Crowdstrike, M365, SIEMS and other external platforms in order to have all the unified alerts in a single panel.
Results
Future actions
Due to the wide variability of attacks and the technological evolution of the latest attacks (offensive artificial intelligence), the sector plans to continue deepening research and the application of new multilevel protection systems with the help of Sofistic, Cuatroochenta's cybersecurity unit.
