Protecting the financial sector with Deterministic Protection

An opinion piece by Rahil Ghaffar, Director, Sales for Middle East & Africa at Virsec

With increasing connectivity and the continuous, ongoing digital transformation, attackers are finding new ways to completely bypass most solutions. Their methods are increasing in sophistication, resulting in a higher success rate. This becomes particularly dangerous with regard to financial organisations as a result of all the sensitive and real-time data they store. To make matters worse, their deep pockets make them an attractive target for threat-actors looking for a quick pay-out. Security solutions that treat the application as a black box are no longer sufficient in securing organisations from being breached or targeted in an attack; protection must be layered, and the mindset and culture of cybersecurity must shift to an application-aware security approach that is deterministic in nature. This is the only way to fully protect customers and confidential data and assets.

As such, organisations and users are looking for better security. Specifically, they want security that protects their workloads, rather than security that takes days or even months to respond, after the attackers have stripped the workload of all its value.

Ransomware defence is moving away from searching for known malicious code or signature-based blacklisting. Instead, the fastest and most reliable protection involves equipping vendors with the ability to catalogue known good behaviours and detect deviations in real time on both workstations and servers. This technique, known as whitelisting, is popular for its ability to detect and stop malicious activity quickly without relying on analysis in the cloud.

Deterministic protection: What is it and how does it help?

A deterministic protection platform (DPP) can be used to secure the full workload. It fully understands all application processes by extracting their originally intended function and how they are supposed to run depending on their purpose. It can automatically detect any deviations or abnormalities within software and applications that don’t correlate with the original intentions. In this way, it’s able to protect any vulnerable workloads that are typically targeted by threat-actors.

This approach to security allows organisations to detect and block known and unknown attacks. As a matter of fact, DPP can identify, precisely and reliably, when a protected workload starts executing code that was not part of the original code, and it can alert to and stop any type of attack within milliseconds. When it comes to ransomware, the damage occurs when threat-actors move laterally from desktops to servers. DPP, in this case, maps the sequence of processes and commands by all applications authorised to run on that server and waits for anything that differs. As soon as a foreign application or sequence shows up, the software raises an alarm and kills the process. As such, attackers are unable to perform command injections or hijack control. This provides much more desirable security in comparison to other solutions that simply detect an attack when it has already occurred and can no longer be stopped. As such, DPP reduces threat-actor dwell time to near zero and blocks threats before the attacker can execute their malicious code.

Cybersecurity in the financial sector

COVID-19 sped up the already ongoing digital transformation. Consequently, financial institutions are increasingly relying on technology and data to provide their products and services to their customers. Additionally, the rapid transition to digital left organisations vulnerable to breach because more and more transactions were and continue to be done online. This switch meant that many compromised security for speed, which simultaneously increased the attack surface, as it was easier for attackers to find weaknesses within applications and networks. Now, there is a vast number of internet-facing apps that are still often riddled with gaps and vulnerabilities, giving hackers an easy way into a company’s systems.

Just last year, for instance, the average cost of a data breach in the financial sector was $5.72 million. In fact, financial institutions were in the top five sectors with regard to the severity and frequency of cyber-attacks. This year, this isn’t expected to change, as financial organisations will continue to face threats including phishing, ransomware/malware and even SQL injections. In 2020, 80% of financial organisations reported losses due to phishing attacks. While such an attack seems harmless, the simplest attack vectors tend to have the highest success rate, which is why it is vital for organisations to secure against any and all threats to avoid suffering the consequences.

Unfortunately, the costs of data breaches will undoubtedly increase, unless financial organisations take the right measures to protect themselves adequately. Defensive protection is no longer enough. Cyber criminals will always take an opportunity to breach a company’s network and cause as much damage as possible. In order to adequately protect themselves, it is vital for financial organisations and institutions to invest in more robust cybersecurity programmes and solutions.

Why would financial institutions benefit from DPP?

With the financial industry continuously being targeted by cyber criminals due to the vast amounts of sensitive data it houses and the assets it deals with, IT teams and leaders are making more conscious decisions to deploy security solutions and protect their networks. This is a step in the right direction as more and more attackers are holding financial organisations for ransom. The magnitude and speed of ransomware leave financial organisations confounded, due to a lack of preparation and layering within their existing security. More worryingly, if the ransom is paid, organisations risk being targeted again, or losing vast amounts of important information to the dark web. This is why it is vital to detect and block threats as quickly as possible, preferably before hackers have a chance to gain a foothold in the network, move laterally and launch large-scale attacks.

This is where DPP is very effective. It maps precisely how a specific application executes. Therefore, when the application starts executing code influenced by an attacker, DPP will stop the threat in milliseconds. Considering the fact that the financial sector not only deals with sensitive data, but processes transactions in real time, these milliseconds can be incredibly decisive in how an attack does or does not play out. In addition, financial institutions cited in a survey that they value prevention over detection, and DPP would do exactly this: detect any deviations from the software’s original purpose and prevent an attack from being carried out. As a result, financial organisations can better protect their customers by deploying DPP, as it secures their data and their assets even if the application is riddled with (un)disclosed vulnerabilities or if the app has not been patched.

The world runs on software, yet before DPP there was no way to achieve protection at the workload while the software or application is running. With the speed at which threats are evolving and hackers are improving their methods, financial organisations must place more emphasis on cybersecurity by having a way to secure themselves and their customers from both known and unknown attacks. Layered protection provides a robust base; however, analysing financial intelligence takes time – time that gives adversaries the upper hand. DPP can provide the vital protection financial organisations need by alerting organisations to any deviations in the software within milliseconds and blocking the attacker in their tracks. By deploying DPP, companies will take away threat-actors’ ability to dwell on servers and gain unauthorised access to confidential data or assets.

Ultimately, the only way to eradicate any type of attack or breach is to fully understand applications and software at their core, and make sure they are always running as they are supposed to.