Banking and financial organizations have a unique perspective on the cybersecurity landscape. Not only is the industry a bellwether for emerging threats, but they also have deep visibility into the machines and networks they protect.
As the global pandemic has forced most employers to embrace a work-from-home model, security teams at banks face a particularly daunting challenge. We invite you to join us for a discussion about the state of security in finance. Using Red Canary’s Threat Detection Report and VMware® Carbon Black’s latest findings as a basis for the conversation, we’ll offer unique insights into the top attacker techniques that targeted endpoints across financial institutions in 2019—as well as what the future might look like for your team.
- Get unique insights into the top attacker techniques that targeted endpoints across financial institutions in 2019
- Learn how mandatory remote policies are shifting the threat landscape for Finance and Banking
- Explore the changes to the threat landscape as adversaries adapt to decentralized networks
- Consider the importance of endpoint and identity-centric security controls
Watch On-Demand
02:15 Panelist Introduction
04:30 Webinar Agenda
05:30 The Past: The 2019 Landscape
05:42 The 2019 Threats to Finance
06:42 “PowerShell is still widely used out there in the wild. We’re seeing more and more credential dumping with the widespread use of tools like MIMIKATZ.” -Michael
07:39 Defense Evasion
07:58 “What we’ve observed from 2018 into 2019 is that the categories of malware are starting to break down.” -Rick
09:17 Ransomware Resurgence
09:55 “You have to look at two categories: stopping credential harvesting and stopping lateral movement.” -Rick
10:14 Wipers
11:22 “Having tools that actually concentrate on those types of behaviors is great for our environment.” -Carlos
11:52 The Present: Operations in March and April
12:20 People
16:32 “We began to see, and we are still seeing, the COVID-related attacks happening. So you’re starting to see email-based attacks or COVID-related emails coming inbound.” -Michael
17:00 “If attackers have a day job, or this is their day job, they now have more time to focus on their activities.” -Michael
18:09 “One of the things that we build our security programs on is adaptability. We want to adapt to the environment, we want to adapt to business strategies, and we want to adapt to things going on.” -Carlos
19:30 Processes
23:02 “Keep an eye on the future and start to design your solutions for a world that’s going to be like this. Because I don’t see us going back.” -Rick
25:32 Technology
26:45 “We were used to looking at the perimeter and interest points, and now interest points are all over the place.” -Carlos
28:22 “Endpoint protection and endpoint controls become the new normal and become the actual focus of what used to be done.” -Carlos
29:15 “All of our home routers are suspect. I don’t trust any of them.” -Rick
30:26 “As part of a COVID response, I’m sure there are a lot of teams that are writing new PowerShell code to do some of this stuff and facilitate it remotely.” -Rick
34:37 “The biggest issue with using somebody else’s endpoint, or using some other non-controlled endpoint, is the behavior analysis.” -Carlos
42:27 “The Cloud is built for ease of use. It’s not built for security.” -Carlos
43:25 The Future: 2020 and Beyond
43:40 The New Normal
43:49 “There are going to be good outcomes from this; there are going to be bad outcomes; and there’s frankly going to be ones that are entirely indifferent.” -Brian
43:59 Positive Outcomes
44:38 “I think organizations, especially CFO’s, are going to look at the economic savings.” -Rick
47:26 “70% of my team is actually doing some sort of training nowadays.” -Carlos
48:22 Bad Outcomes
49:45 “I believe on the other side of this there will be a lot of litigation and there will be a lot of compliance fines as a result.” -Rick
52:40 Both Good and Bad Outcomes or Neither?
52:57 “As a security leader, I hope that at this point, however long you have been at an organization, that you’ve picked the right vendors through your process and that you’ve been diligent looking for products and organizations that will help you during times of incients.” -Michael
54:23 “A lot of us rely on vendors to keep up compliance.” -Carlos
55:40 Here and Now: Taking Action
55:44 What You Can Do
56:00 “Definitely stay focused on the endpoint as much as you can.” -Michael
56:22 “If you’re using a lot of Cloud tools, and you don’t have those things going somewhere to be monitored or reviewed, now is probably time to get that going.” -Michael
57:05 “Compliance changes. Document everything.” -Carlos
57:59 “Plan for those worst-case scenarios, learn from failure on the battlefield, and then adapt as quickly as you can.” -Rick
59:18 Virtual VMWare Carbon Black Connect Event