
How cyber fusion could unlock dormant value in security tech stacks

The challenges of cybersecurity and compliance are reaching unprecedented levels of complexity, particularly in the finance sector. Concerns have expanded beyond traditional criminal activities to encompass politically motivated hacktivists aiming to bring down banking systems or expose sensitive information. Their machinations have injected a new layer of unpredictability into the high-stakes world of financial security. Add to this the ramifications of generative AI and the obligations arising from the EU's Digital Operational Resilience Act (DORA), and it would be no exaggeration to say that the financial industry has a lot on its plate right now.

Fragmented security processes 

Having to get to grips with these monumental issues are overstretched cybersecurity staff and their equally busy colleagues in fraud and risk departments. While all teams have the same end goal of protecting the business and its customers, they are routinely hampered by working independently, without effective ways of sharing valuable insights and intelligence. As a result, analysts in different teams are trying to detect the same risk indicators, and yet these vital pointers are often sitting unnoticed in one or more internal security platforms. According to recent estimates, large enterprises have on average over 100 disparate security tools, many of which are incompatible with each other because of the differing standards and formats in which they process data. Moreover, they spew out endless alerts on a daily basis which do little more than create confusion among the recipients, instead of prioritising the most urgent actions to take.

Without effective tools to consolidate, process and analyse fragmented sets of data, critical risk indicators can remain hidden until it's too late, only to be uncovered during forensic investigations long after serious damage has been done.

What’s needed is a better way of collating, analysing and disseminating the extensive threat data that already exists within an organisation to provide actionable insights across cybersecurity, risk and fraud departments. This unifying approach can form part of a cyber fusion strategy that accelerates collaboration across teams and technologies. It enables informed decisions to be taken collectively in order to protect against attacks and respond to incidents whenever they occur. 

Cyber fusion explained 

Originating in the military and intelligence sectors, cyber fusion strategy is being adopted by large enterprises, including financial organisations, to meet the urgent need to unlock real value from the threat data collected by their security and IT technologies in the face of an increasingly complex threat landscape. At cyber fusion's core is a mission to merge security automation, threat intelligence, and incident response into a cohesive and proactive cybersecurity defence plan.

Financial institutions are subject to a wide array of cyber threats and disruptive attacks, which necessitate this type of unified response. By setting up a Cyber Fusion Centre (CFC) as part of an overall strategy, firms can bring together intelligence analysis from multiple knowledge hubs to improve threat detection, cut out duplicated effort, and increase overall efficiency, including proactive threat actioning.

Fundamental to this process is consolidating data from existing tools into a single platform to provide one reliable view of the truth. This includes automating the ingestion of threat data from a variety of sources, such as existing detection tools and platforms, historic incident reports, and threat intelligence shared by regulatory authorities and commercial providers. With the support of AI and machine learning, security teams can then contextualise insights which were previously difficult, if not impossible, to connect. By connecting the dots between what might seem like random events, it is possible to determine whether any suspicious activities are part of a broader attack and, as necessary, to orchestrate security remediation and corrective action across the network in a coordinated, precise manner, radically reducing the average time to respond to and deal with an issue. Sharing this information in real time with trusted partners, such as diverse business units and suppliers, also enables a quicker response in securing the extended perimeter.

Harnessing underlying value 

By harnessing insights on all manner of threats, including exploitable vulnerabilities, malware, past incidents, and malicious actors, cyber fusion enables every security-related team to have fast access to critical intelligence. This transforms the quality of decision-making across the board. Whether at a technical, tactical, operational, or strategic level, informed choices can be made based on comprehensive and accurate data, minimising guesswork and misinterpretation. Improved accuracy empowers teams to work together on creating advanced mitigation plans, including developing automated responses to minimise manual intervention. For example, processes can be deployed to immediately block malicious IPs in firewalls or update SIEM threat data automatically as soon as new information becomes available. Another upside of a cyber fusion platform is that relevant data can be fed automatically back into other security tools such as EDR, firewalls, IDS/IPS and SIEM, ensuring that all areas of cybersecurity, risk and fraud benefit from the latest information and analysis.
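The consolidation step and the automated-blocking example described above can be sketched in a few lines. This is an added illustration, not code from the author or any cyber fusion product: the three exports, their field names, the team labels and the `INTERNAL` range are all constructed assumptions. It normalises indicators from incompatible tool formats, keeps only those corroborated by at least two teams, and never proposes the firm's own address space for blocking.

```python
import csv, io, ipaddress, json, re
from collections import defaultdict

# Constructed sample exports: three teams' tools, three incompatible formats.
EDR_JSON = ('[{"host": "ws-114", "remote_ip": "203.0.113.45", "verdict": "suspicious"},'
            ' {"host": "ws-115", "remote_ip": "10.0.0.8", "verdict": "suspicious"}]')
FRAUD_CSV = ("case_id,login_ip,reason\n"
             "F-9001,203[.]0[.]113[.]45,credential stuffing\n"
             "F-9002,198.51.100.7,velocity rule\n"
             "F-9003,10.0.0.8,internal test login\n")
FIREWALL_LOG = ("2024-05-01T10:02:11Z DENY src=203.0.113.45 dst=10.0.0.8 dpt=443\n"
                "2024-05-01T10:05:40Z DENY src=192.0.2.99 dst=10.0.0.8 dpt=22\n")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed: the firm's own address space

def normalise_ip(value):
    """Return the canonical form of an IP, undoing '[.]' defanging; None if invalid."""
    try:
        return str(ipaddress.ip_address(value.strip().replace("[.]", ".")))
    except ValueError:
        return None

def ingest():
    """Yield (team, indicator, context) records in one common shape."""
    for row in json.loads(EDR_JSON):
        yield "soc", normalise_ip(row["remote_ip"]), f"EDR {row['verdict']} on {row['host']}"
    for row in csv.DictReader(io.StringIO(FRAUD_CSV)):
        yield "fraud", normalise_ip(row["login_ip"]), f"case {row['case_id']}: {row['reason']}"
    for line in FIREWALL_LOG.splitlines():
        match = re.search(r"\bsrc=(\S+)", line)
        if match:
            yield "network", normalise_ip(match.group(1)), "denied at perimeter"

def correlate(records, min_teams=2):
    """Group sightings by indicator; keep those reported by at least min_teams teams."""
    sightings = defaultdict(dict)
    for team, indicator, context in records:
        if indicator is not None:  # skip values that failed normalisation
            sightings[indicator].setdefault(team, []).append(context)
    return {ioc: teams for ioc, teams in sightings.items() if len(teams) >= min_teams}

def blocklist(correlated):
    """Auto-block candidates: corroborated indicators outside our own networks."""
    return sorted(i for i in correlated if ipaddress.ip_address(i) not in INTERNAL)

if __name__ == "__main__":
    fused = correlate(ingest())
    for ioc, teams in fused.items():
        print(ioc, "seen by", sorted(teams))
    print("block candidates:", blocklist(fused))
```

The internal address is corroborated by two teams but held back from the block candidates, which is the kind of guard an automated response needs before it pushes changes to a firewall.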

Instead of replacing security tools, cyber fusion optimises existing capabilities by harmonising their underlying value within a comprehensive defence ecosystem. Its purpose is to leverage current investments, improve overall security posture, and extract more from a firm’s cybersecurity technology stack. With the right strategy behind it, a cyber fusion platform will deliver the scope and speed of response necessary to support the high-pressure security and compliance environment that must underpin every organisation operating in the financial industry. 

 

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
