Cybercriminals attacked the financial services sector more than any other industry last year. A recent research report found that 75% of the top 20 U.S. commercial banks (by revenue) are infected with malware. And another analysis on cyber risk management found that 69% of incidents went undetected by financial security teams for weeks to months.
So what is the best line of defense? How do leading security teams stop attackers’ increasingly sophisticated techniques and secure sensitive data?
These questions were top of mind for a private investment firm who is now a Red Canary customer. They were concerned an attacker would be able to bypass their security controls without them knowing. With close to $40 billion in AUM and a number of research analysts that frequently travel outside the corporate network, enhancing visibility and threat detection across endpoints was critical.
This customer profile will take a closer look at:
- The investment firm’s primary security challenges based on their environment
- Why they selected Managed Endpoint Detection and Response (MEDR) as a key component in their defense strategy
- How Red Canary integrated alongside the firm’s existing Managed Security Service Providers (MSSPs)
Read the full case study to learn more about the investment firm and how Red Canary helps them defend against attacks.
Challenge: Gaining Visibility Across All Endpoints
The firm had a robust security posture with multiple overlapping layers of security solutions and personnel. Because the firm’s internal team is focused on both IT and security, they outsource a number of security functions to managed security providers. An MSSP manages the firm’s SIEM, DLP, IPS, and day-to-day cybersecurity posture, while another MSSP manages the firm’s IDS. The firm also has a leading endpoint protection suite deployed.
However, like many organizations, the firm lacked visibility on devices inside and outside its network—a significant risk for a firm whose research-driven investment process regularly has analysts traveling around the globe.
Related Article: Lack of Visibility Is a More Common Security Mistake Than You Might Think
Managed Carbon Black Response: The Next Layer of Defense
The firm’s Director of Technology knew that Endpoint Detection and Response (EDR) was the best way to continuously monitor all endpoint activity and detect potential threats. He conducted extensive research and found that Carbon Black Response was the best solution for his organization due to its ability to collect comprehensive endpoint data. But he soon realized that managing the product would require expertise and time commitments his internal team did not have.
The Director decided to roll out a managed Carbon Black Response offering through one of his existing MSSPs. Within a few months, the firm’s Director discovered that the managed solution did not live up to his expectations. Threats often lingered in the network for days or weeks at a time, leaving endpoints vulnerable. The MSSP simply didn’t know how to work with the endpoint data; they lacked the expertise and processes required for rapid threat detection, investigation, triage, and response.
“This specific offering from our MSSP was not effective. I still wanted Carbon Black Response on my endpoints. I just needed to find the right partner to manage it.” —Director of Technology
Looking Beyond MSSPs: Managed Endpoint Detection & Response (MEDR)
The Director knew that Red Canary had a strong partnership with Carbon Black and expertise managing the endpoint data it collected. He recognized that the two companies have the same lineage and that Red Canary was Carbon Black’s first technology and managed service partner. After an in-depth Proof of Concept, the Director was able to check all the boxes in his evaluation of Red Canary MEDR.
Key reasons the organization selected Red Canary:
- Proven expertise managing Carbon Black Response
- Broad detection of threats ranging from malware to advanced attacker techniques
- Timely detection (within minutes to hours) and minimal to no false positives
- Limited involvement required from the firm’s internal team and existing MSSPs
- Ability to seamlessly integrate detections and endpoint telemetry with other tools and services
Faster Detection & Response + Seamless MSSP Integration
The firm saw an immediate improvement in detection efficiency and response time after deploying Red Canary. Whereas it previously took days or weeks to detect a threat, Red Canary enabled the team to control the situation within minutes to hours, regardless of the endpoint’s global location.
The Director also found that there was seamless integration between the service providers. He now relies on each managed vendor for their specialties, and has integrated data sources that he and his team can work with and manage.
“Red Canary has the ability to master endpoint data and detect threats as they happen. We have been able to use their detections to immediately stop threats. We haven’t seen the same level of EDR expertise with any other vendor.” —Director of Technology
Key Takeaways
Many financial organizations are adopting EDR as a crucial component in their security strategies. It is a powerful way to gain visibility into endpoint activity and defend against evolving threats. But if you don’t have the resources or expertise to manage it internally, be sure to select a partner carefully. If you are looking to for a partner to manage your EDR, help your team’s evaluation with this checklist of 16 questions to ask MSSPs and MDR providers.
Related Resources
- Case Study: Financial Endpoint Security: A Comparison
- Guide: 8 Common Questions & Answers: MDR vs MSSP
- On-Demand Webinar: Outsourcing Endpoint Detection & Response