Pakistan’s largest bank relies on Recorded Future Intelligence Cloud to detect and respond to threats before they can do harm.
The financial services industry is changing quickly as institutions undergo Digital Transformations to meet client expectations for a digital and online banking experience. But while digital technologies are critical to innovation, they also expose financial institutions – already a favoured target among threat actors – to greater risk.
As the oldest and one of the largest banks in Pakistan with more than 1,400 branches across the country, Allied Bank understands the importance of proactively protecting its brand and digital assets.
That’s why Allied Bank turned to Recorded Future to help it implement a proactive security strategy with intelligence at its core.
“Threat actors are looking at your digital footprint outside the organisation to launch an attack. You must take proactive measures. You have to monitor your digital assets. You have to remediate incidents. You must proactively protect your brand and your image. To do that you need timely intelligence. That is a must to have, for any organisation, but especially in the financial sector,” said Awais Ejaz, Group Head/CISO, Information Security and Governance at Allied Bank.
Proactively getting in front of attackers
Allied Bank’s security team’s strategy is to stay a step ahead of threat actors by proactively monitoring and protecting its external attack surface. The team sought a digital risk protection platform that would provide visibility into the bank’s digital assets and any abuse of the brand logo, including phishing pages, fake mobile applications and data leakage on the Dark Web.
“The biggest challenge we faced – the reason we opted for Recorded Future – was we did not have enough visibility into Allied Bank’s digital asset inventory. We wanted to be able to see what digital inventory information was out there and to be alerted if any anomalies were detected,” added Ejaz.
The team also recognised the opportunity to improve its threat-hunting capabilities with more targeted threat intelligence. Allied Bank already had threat intelligence feeds coming from different publicly available resources but correlating this data and analysing it in the context of threat activity within the financial industry was time-consuming, error-prone and not all-encompassing. The team wanted enriching and enhanced intelligence on a consolidated platform.
After evaluating several intelligence vendors, Allied Bank chose Recorded Future. “Unlike other competitors, the main differentiating reason that we selected Recorded Future was the huge amount of sources from which they are gathering intelligence,” said Ejaz.
Recorded Future provides a comprehensive view of Allied Bank’s threat landscape through a combination of automated analytics, human-finished analysis from Recorded Future’s research division Insikt Group and advanced querying capabilities. The Recorded Future Intelligence Graph automatically fuses together billions of entities and delivers original research to dynamically categorize, link and analyse intelligence. This arms the security team with easy-to-consume insights that are integrated into Allied Bank’s existing SIEM and security workflows.
Protecting the Allied Bank brand against previously unknown threats
Recorded Future gives the team visibility into its own digital attack surface, as well as relevant attacker behaviour from around the globe, within a single platform. Using SecOps Intelligence, the Allied Bank team also integrates Recorded Future’s Intelligence to augment their SIEM data and workflows. This allows them to quickly identify and respond to anomalous behaviour of which they were previously unaware.
“There were a lot of threats, a lot of anomalies, which were unaddressed and were unknown to us. Because of the timely threat intelligence, and because of the digital risk protection intelligence which we got from Recorded Future, we’ve been able to keep up with those threats and we have direct visibility into those threats now,” Ejaz added.
For example, the team discovered typosquats that could be used by threat actors to execute phishing attacks, as well as detect the presence of high-profile credentials on the Dark Web. The team also detected and responded to malicious hashes, indicators of compromise and command and control communications – all within the span of the first four months using Recorded Future.
Faster and smarter threat hunting
In addition to enabling the team to remediate previously unknown threats, Recorded Future empowers Allied Bank’s team to reduce risk more efficiently and effectively. “Threat hunting has become very fast and easy with Recorded Future. We can search our environment for malicious activity and IoCs in the threat feeds and remediate those threats before they impact the business or our customers,” said Ejaz.
The Recorded Future Intelligence Platform includes dynamic risk scores and access to key evidence, eliminating the need to manually correlate data and prioritise security issues. This is done automatically, freeing the team to detect, assess and respond to the threats that pose the greatest security risk with speed and confidence.
In turn, the team has become faster and smarter. “The capacity of the team has been enhanced because of Recorded Future’s huge knowledge base. I think the team has learned a lot in the time that we have been using Recorded Future,” Ejaz added.
With Recorded Future, the team has the tools it needs to proactively remediate threats and manage risk. “The visibility we get into our attack surface and the massive knowledge base available with Recorded Future are incredibly valuable to us. We cannot imagine a security operations centre at Allied Bank without Recorded Future.”