Case Study

Cybersecurity Financial Industry Case Study

Midwest Bank Increases Protection to Gain Greater Visibility and Control

A locally owned, midwestern bank provides both personal and business banking services through its 7 locations. In operation since 1885, the bank has a vested interest in keeping both its organization and its members safe from the increasing volume of cyber threats. While faced with the same cybersecurity issues and regulatory compliance issues as larger financial institutions, the bank must protect its network and members while ensuring auditing and compliance with fewer resources: specifically, a 3-person IT team.

Upon learning about ThreatBlockr, the bank CEO suggested the IT team deploy the ThreatBlockr platform in front of the existing firewall as an additional layer of protection in the bank’s defense-in-depth security strategy. He felt that he would be able to leverage ThreatBlockr’s 30M+ out-of-box threat indicators to keep known bad actors from targeting the bank by stopping them before they hit the bank’s firewall.

The Value of the ThreatBlockr Platform

With banks 300X more likely to be hit by a cyber attack, the CEO knew it was critical to address security head on. As a regional, medium-sized bank, it did not have the luxury of large cybersecurity budgets, staff, and resources at its disposal. It needed a solution that was smart, easy, scalable, and everywhere. As such, the bank deployed the ThreatBlockr platform and saw a substantial drop in the malicious traffic on its network.

“After finding that something has been blocked, it’s easy to identify why it has been blocked (by the ThreatBlockr platform). I like the fact that I can look through the reporting features and determine if I need to ease up on some of my rules. It’s then a very simple configuration change. Or, if it’s something that is getting through my firewall that shouldn’t, I can simply strengthen the rule.”

Simplified Compliance Auditing

As the bank is heavily regulated, it is regularly audited. After deploying the ThreatBlockr platform, the bank has seen higher scoring due to the information sharing and use of its FS-ISAC feeds. By integrating the FS-ISAC feeds into the ThreatBlockr platform, the bank is able to protect itself and its customers from the massive amounts of industry-specific threats.

“They review our logs, and test the network. This most recent test, just earlier this month, they were extremely impressed with the way our penetration test went, with the ThreatBlockr at the perimeter.”

Greater Visibility and Control

In financial services, understanding one’s security posture and maintaining security stack integration is critical. The bank undergoes regular PEN testing as part of its ongoing security validation practice. During the most recent annual PEN test, the third-party testing company complimented the bank on its security deployment.

“Typically, during the PEN test, we have to whitelist them (the third-party tester) in our ThreatBlockr in order for them to perform their testing. However, we ask them to try their tests without being whitelisted, and they never get anywhere. They think they’ve done damage because we just disappear. I explain to them that our system blocked them, and stopped replying. It’s by design…not a defect.”

Greater TCO and ROI through Simplified Deployment and Management

The ThreatBlockr platform reduces the number of alerts to investigate and automates the management of threat intel feeds. The threat intelligence data in the platform is automatically updated, eliminating the need to manually manage threat feeds. This allows the bank to expand security capabilities without increasing management overhead and complexity.

“My coworker was tasked with taking the threat reports, and manually entering in, line by line, the malicious IP addresses and domains. Sometimes it took days to complete. If it was a big report, it might take a month. Now he’s able to just import them into the system. It’s no longer a big deal.”

Since deploying the ThreatBlockr, the bank’s IT team has seen greater efficiency in how they feed logs into their other security products. Additionally, the team has been delighted with the response times and personal interactions they’ve received from ThreatBlockr.

“Not long after we purchased our ThreatBlockr, I spoke to several vendors. They offered a few examples of features that weren’t available on the ThreatBlockr. I sent in a feature enhancement request, and it was only a few months later that those features were added. I mean, that’s just superb.”

After deploying three ThreatBlockrs into its network, the bank has seen:

  • Increased protection from threats
  • Less malicious traffic passing through firewalls
  • Simplified ingestion of third-party FS-ISAC feeds
  • A reduction in the time spent managing security devices

About ThreatBlockr

ThreatBlockr is the only active defense cybersecurity platform that fully automates the enforcement, deployment and analysis of cyber intelligence at a massive scale. As the foundational layer of an active defense strategy, ThreatBlockr’s patented solution blocks known threats from ever reaching customers’ networks. ThreatBlockr utilizes immense volumes of cyber intelligence from over 50 renowned security vendors to provide unparalleled visibility over the threat landscape resulting in a more efficient and effective security posture. Security teams at companies of all sizes use ThreatBlockr to deploy active security, gain real-time network visibility into threats and policy violations, ensure their network is protected and reduce manual work. Block. Every. Threat. at