
New Product Uses Deception to Protect SWIFT-connected Banks


Following a series of high-profile, high-value attacks against a number of banks using the SWIFT interbank financial messaging system, Illusive Networks has announced SWIFT Guard, described by the company as cyber deception technology designed to protect SWIFT-connected banks from cyber criminals.

Deception as a technique for locating hidden threats is already widely used by enterprises. The concept is very simple: false locations are established on the networks with exactly the same characteristics as the genuine locations. Any activity in or against these false locations is automatic evidence of an intruder trying to locate genuine credentials or genuine data – and remediation can be commenced against an unsuspecting culprit.

Its weakness is twofold: it depends upon the attacker being fooled by the deception, and it requires a degree of skilled resources to establish and maintain it. There is no guarantee that it will work; and where it doesn’t work, there is no indication that it has failed. 

One of the weaknesses of the SWIFT system is that many of its smaller banks in smaller countries simply do not have the cyber resources of the primary western reserve banks. It is these smaller banks, such as those in Bangladesh and Ecuador, that have so far been hacked. They have been compromised to allow the hacker to deliver apparently genuine instructions to the major reserve banks via the SWIFT network in order to syphon off large amounts of cash.

The purpose of Illusive Networks’ SWIFT Guard is to allow these smaller banks to install deception security ready-made.

SWIFT itself is going through a program of hardening security, primarily aimed at improving the security of its member banks. Two examples include trying to increase threat intelligence sharing between the different banks and the more recent announcement of its own Daily Validation Reports. One problem it has is that the member banks ‘own’ SWIFT — it is not the other way round. It is difficult, therefore, to arbitrarily impose security solutions upon the members.

It is also questionable how much the smaller banks are willing or able to spend on third-party security solutions. The hyperbolic description from Illusive Networks’ CEO Shlomo Touboul doesn’t help: “Deception based technology is the last chance to detect and mitigate sophisticated attacks aimed at the SWIFT system.” SWIFT Guard, like any other security solution, needs to be a part of multi-layered security.

Nevertheless, it could prove a valuable part of the security armory. It works by deploying agent-less deceptions on every endpoint of the network. Since there are far more deceptions than genuine credentials, it is statistically likely that attackers will attack a decoy — and in doing so they will be detected.


One strong advantage of deception technology is that there should be no false positives. If a decoy is accessed, it is either an attacker or an over-inquisitive insider. This should appeal to smaller organizations that don’t have the skilled resources necessary to detect anomalies in log data or to distinguish false positives from genuine threats in the alerts generated by threat detection systems.
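The statistical argument and the no-false-positives property described above can be made concrete with a small model. This is an added example, not Illusive Networks' code or method: the account names, host names and events are constructed, and the uniform-random choice of credentials is an assumption of the model.

```python
from math import comb

# Constructed inventory: credentials an intruder could harvest from one endpoint.
GENUINE = {"svc-swift-gw", "ops-jane"}
DECOYS = {"swift-admin", "svc-swift-bak", "payments-ops", "swift-dba",
          "alliance-adm", "svc-msgq", "treasury-ops", "swift-audit"}

def p_touch_decoy(genuine: int, decoys: int, tries: int) -> float:
    """Chance that `tries` distinct credentials, picked uniformly at random
    (model assumption) from the harvested set, include at least one decoy."""
    total = genuine + decoys
    tries = min(tries, total)
    # comb(genuine, tries) is 0 once tries exceeds the genuine count.
    return 1.0 - comb(genuine, tries) / comb(total, tries)

def decoy_alerts(events):
    """Return every event that uses a decoy credential. No legitimate
    process knows these accounts, so no threshold or baseline is needed."""
    return [e for e in events if e["user"] in DECOYS]

# Constructed authentication events: time, source host, account, target.
EVENTS = [
    {"ts": "09:02:11", "src": "ws-017", "user": "ops-jane", "dst": "swift-gw01"},
    {"ts": "09:40:52", "src": "ws-044", "user": "swift-admin", "dst": "swift-gw01"},
    {"ts": "09:41:07", "src": "ws-044", "user": "treasury-ops", "dst": "fileshare02"},
    {"ts": "10:15:30", "src": "ws-023", "user": "svc-swift-gw", "dst": "swift-gw01"},
]

if __name__ == "__main__":
    for k in (1, 2, 3):
        p = p_touch_decoy(len(GENUINE), len(DECOYS), k)
        print(f"{k} credential(s) tried: P(decoy touched) = {p:.3f}")
    for e in decoy_alerts(EVENTS):
        print(f"ALERT {e['ts']} {e['src']} used decoy '{e['user']}' on {e['dst']}")
    # The weakness noted earlier in the article: a session that uses only
    # genuine credentials yields an empty alert list, which looks the same
    # whether nobody is there or the intruder avoided every decoy.
    print("genuine-only alerts:", decoy_alerts([EVENTS[0], EVENTS[3]]))
```

With eight decoys beside two genuine credentials, a single blind attempt hits a decoy 80% of the time, and any third attempt is certain to.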

The reality is that SWIFT Guard could help SWIFT-connected banks, just as tailored deception security can help any organization. It could prove difficult, however, to persuade smaller banks to invest in this technology over and above traditional detect and prevent solutions. 

Illusive Networks’ own product announcement suggests, “Many SWIFT installations use older SWIFT versions that do not meet current SWIFT security standards, and are costly and difficult to update.” If this is true, the priority must surely be to update existing versions to current standards before purchasing additional third-party security.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
