Anuj Goel, Co-founder and CEO at Cyware
Against the backdrop of Russia-based hacktivists declaring war on Europe's financial systems, the passage of the EU's Digital Operational Resilience Act (DORA) and the potential threats posed by the emergence of generative AI, the finance sector has a lot to contend with.
In today's elevated threat environment, cybersecurity teams need to take proactive action fast. All too often, however, analysts are bombarded by a tsunami of alerts generated by countless security tools. According to recent estimates, today's enterprises run more than 100 discrete security tools on average, many of which do not integrate well with one another.
At the same time as attempting to make sense of all this noise, IT security teams and their risk counterparts often work in isolation and rarely share resources or intelligence. Consequently, both teams look outward for indicators of looming threats, even though their own internal log data often contains clues to the next attack. Without the right tools to process and analyse this vast sea of data, those clues go undetected, only to be discovered forensically long after an attack has occurred. Rather than simply adding more security tools into the mix, security professionals need a better way to examine the threat data generated by disparate tools and derive high-confidence, actionable threat intelligence from it.
To improve their threat detection and response capabilities, banks need to adopt a cyber fusion strategy that makes it easier and faster to find indicators of potential compromise and to take informed, collective defensive steps to prevent or mitigate an incident.
What is cyber fusion?
Initially developed by intelligence agencies to promote collaboration through intelligence sharing, the fusion centre concept is now gaining traction in the field of cybersecurity.
Unifying security functions such as threat intelligence, security automation, threat response, security orchestration and incident response into a single connected unit, cyber fusion offers a more proactive approach to dealing with potential threats by bridging the gap between multiple teams through intelligence synthesis and inter-team collaboration. It also enables the fusion of contextualised strategic, tactical and operational threat intelligence for rapid threat prediction, detection and incident response.
By establishing a cyber fusion centre (CFC), banks can automate the ingestion of threat data from a variety of sources, including existing security tools, cloud apps, historical incident intelligence, external threat intelligence providers and regulatory advisories. This can be done in a way that allows security teams to contextualise insights into malicious activity and meaningfully orchestrate cybersecurity operations across the network.
Leveraging AI and machine learning to speed up the analysis and actioning of threat intelligence, a CFC delivers consolidated visibility of security risks, threats, security controls and exceptions across cloud-based and on-premises infrastructure. It also enables banks to automate incident response and act on threats in real time, or pre-emptively.
Finally, and most importantly, it boosts inter-team collaboration by automatically notifying the right stakeholders of relevant threat intelligence and changing circumstances in real time, via a shared platform that supports a truly holistic, joined-up response.
Enabling a unified security posture
Bringing together technologies, teams and processes under one roof, a CFC enables security teams to orchestrate and automate security workflows in an integrated and highly collaborative manner.
Providing insights on all kinds of threats, including malware, vulnerabilities, threat actors and previous incidents, cyber fusion supports the rapid dissemination of intelligence among all security teams to enable high-fidelity decision-making at the technical, tactical, operational and strategic levels. The exchange of situational intelligence across sectors empowers security teams to co-develop threat mitigation strategies. It also enables teams to leverage shared actionable intelligence to automate responses, such as blocking malicious IPs at the firewall or pushing fresh indicators into the SIEM, with no need for manual intervention.
But that's not the only benefit. To further reduce exposure, banks can use their CFC platform to automatically feed relevant indicators into their other security tools (EDR, firewalls, IDS/IPS, SIEM, SOAR). Using automated cross-functional workflows to drive security actions significantly reduces mean time to detect (MTTD) and mean time to respond (MTTR).
Connecting the dots for enhanced resilience
With a cyber fusion centre in place, banks enable their security teams to ingest, enrich and correlate threat data into a single source of truth, and to turn that data into contextualised, noise-free and actionable threat intelligence. This can then be shared in real time so that threats are identified and dealt with faster.
Enabling 360-degree threat visibility is just the start. Alongside promoting collaboration between teams by sharing real-time threat alerts that support a collective-defence approach, a CFC enables security operations teams to automate incident response and initiate an end-to-end threat response process that keeps pace with the evolving threat landscape. By adding cyber fusion capabilities to their existing security operations centre (SOC), banks will be better equipped to connect the dots and respond to the prevailing threat landscape in real time.
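The ingest, enrich, correlate and act pipeline described here, together with the earlier point that internal log data holds clues the feeds alone do not, as an added example (this is not Cyware's product code or the author's): it merges indicators from three constructed feeds, canonicalises values (undoing defanging, dropping internal addresses), counts hits in constructed firewall and proxy log lines, scores each indicator by feed confidence, corroboration and local hits, and emits block, sinkhole or watchlist actions for the firewall, DNS and SIEM integrations. The feed names, log format, score weights and the 85/60 thresholds are assumptions chosen for illustration.

```python
"""Illustrative cyber fusion pipeline: ingest IoCs from several feeds, normalise and
de-duplicate them, correlate against internal logs, score confidence and emit actions.
Added example, not Cyware code; feeds, logs, weights and thresholds are constructed."""
from __future__ import annotations
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed feeds: (indicator, type, the source's own 0-100 confidence).
FEEDS = {
    "vendor_feed": [("203.0.113.7", "ipv4", 70), ("evil-updates[.]example", "domain", 60),
                    ("198.51.100.23", "ipv4", 40), ("192.0.2.200", "ipv4", 55),
                    ("10.0.0.5", "ipv4", 90)],  # last entry is feed noise: an internal address
    "isac_share": [("203.0.113.7", "ipv4", 85), ("EVIL-UPDATES.example.", "domain", 75)],
    "regulatory_advisory": [("198.51.100.23", "ipv4", 50)],
}
# Constructed internal telemetry (firewall and proxy lines). 203.0.113.70 must not match .7.
INTERNAL_LOGS = """\
2024-05-02T10:14:03Z fw allow src=10.20.4.19 dst=203.0.113.7 dport=443
2024-05-02T10:14:09Z proxy GET host=evil-updates.example path=/x.bin src=10.20.4.19
2024-05-02T10:15:41Z fw deny src=198.51.100.23 dst=10.20.0.1 dport=22
2024-05-02T10:16:00Z fw allow src=10.20.4.22 dst=203.0.113.70 dport=443
"""
# RFC 1918 only. ipaddress.is_private is avoided on purpose: it also flags the TEST-NET
# documentation ranges this example uses as external addresses.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Indicator:
    value: str
    ioc_type: str
    sources: set[str] = field(default_factory=set)
    max_feed_confidence: int = 0
    internal_hits: int = 0

def normalise(value: str, ioc_type: str) -> str | None:
    """Canonicalise one raw indicator; None means invalid or internal, i.e. dropped."""
    v = value.strip().lower().replace("[.]", ".")  # undo defanging
    if ioc_type == "ipv4":
        try:
            ip = ipaddress.ip_address(v)
        except ValueError:
            return None
        if ip.version != 4 or ip.is_loopback or any(ip in n for n in INTERNAL_NETS):
            return None  # an internal address in a feed is noise, not intelligence
        return str(ip)
    if ioc_type == "domain":
        v = v.rstrip(".")
        return v if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", v) else None
    return None  # unknown indicator types are ignored

def ingest(feeds: dict[str, list[tuple[str, str, int]]]) -> dict[tuple[str, str], Indicator]:
    """Merge all feeds into one de-duplicated map keyed by (type, canonical value)."""
    merged: dict[tuple[str, str], Indicator] = {}
    for source, entries in feeds.items():
        for raw, ioc_type, confidence in entries:
            if (v := normalise(raw, ioc_type)) is None:
                continue
            ind = merged.setdefault((ioc_type, v), Indicator(v, ioc_type))
            ind.sources.add(source)
            ind.max_feed_confidence = max(ind.max_feed_confidence, confidence)
    return merged

def correlate(indicators: dict[tuple[str, str], Indicator], log_lines: list[str]) -> None:
    """Count token-bounded occurrences of each indicator in our own telemetry."""
    for ind in indicators.values():
        if ind.ioc_type == "ipv4":
            pattern = re.compile(r"(?<![\d.])" + re.escape(ind.value) + r"(?![\d.])")
        else:
            pattern = re.compile(r"(?<![\w.-])" + re.escape(ind.value) + r"(?![\w-])")
        ind.internal_hits = sum(1 for line in log_lines if pattern.search(line))

def score(ind: Indicator) -> int:
    """0-100: best feed rating, +10 per extra corroborating source, +20 if seen locally."""
    s = ind.max_feed_confidence + 10 * (len(ind.sources) - 1)
    if ind.internal_hits:
        s += 20  # present in our own logs: relevant to us, not just to the world at large
    return min(s, 100)

def plan_actions(indicators: dict, block_at: int = 85, watch_at: int = 60) -> list[dict]:
    """Turn scored indicators into actions for the firewall, DNS and SIEM integrations."""
    actions = []
    for ind in indicators.values():
        s = score(ind)
        if s >= block_at:
            action = "firewall_block" if ind.ioc_type == "ipv4" else "dns_sinkhole"
        elif s >= watch_at:
            action = "siem_watchlist"
        else:
            continue  # below threshold: dropped so analysts are not flooded with noise
        actions.append({"action": action, "target": ind.value, "score": s,
                        "sources": sorted(ind.sources), "internal_hits": ind.internal_hits})
    return sorted(actions, key=lambda a: (-a["score"], a["target"]))

def run_pipeline(feeds=FEEDS, logs: str = INTERNAL_LOGS) -> list[dict]:
    indicators = ingest(feeds)
    correlate(indicators, logs.splitlines())
    return plan_actions(indicators)

if __name__ == "__main__":
    print(*run_pipeline(), sep="\n")
```

Running it yields three actions: the C2 address and the phishing domain, each reported by two sources and seen in internal logs, reach a score of 100 and are blocked or sinkholed; the scanner address, corroborated by the regulatory advisory but only ever denied at the perimeter, scores 80 and goes onto a SIEM watchlist; the single-source indicator with no local hits and the internal 10.0.0.5 entry never reach analysts. The token-bounded regex is what stops 203.0.113.70 being counted as a hit on 203.0.113.7, a common source of false positives in naive substring matching.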