schedule a demo

Securing Identities in the Financial Sector

Updated: Sep 29

 

This weekend I will be headed to the FS-ISAC FinCyber Today Summit. It will be great to connect with the FS-ISAC members who protect the financial sector and the billions who rely on it. The theme of the event is “Forging a Resilient Future” and one of the tracks that is near and dear to my heart as the CEO of AuthMind is “Managing Identities and Access.”

 

To me, it is no surprise that this is one of the tracks at the event. Enterprises in the financial sector need to move fast to provide differentiated digital services to their customers while also providing a great digital experience to their team members. This has led to a massive increase in the number of identities that these organizations need to manage and secure.

 

These identities could be DevOps team members in a business unit who have to bring a new application online ahead of the competition, so they set up their own identity services to get things done fast. Or they could team members in marketing who discovered a new SaaS application they really love and started to use it by accessing it from local accounts they set up all by themselves.

 

Many of these identities are also increasingly third parties, working from office and home-based locations all over the world. Financial services firms leverage third parties such as freelancers and business process outsourcing (BPO) organizations to scale their operations more efficiently and gain faster access to specialized skills and knowledge.

 

And if all of this wasn’t already complicated enough already, security teams in the financial sector also have to deal with more and more machine identities, especially as more of their operations become automated. In fact, machine identities are growing faster than human identities on organizational networks, with software bots used in finance, accounting, business, and IT leading the way.

 

As a result, financial services companies are challenged to secure an ever-expanding identity attack surface. The FS-ISAC team stated it well when they asked, “How can we outsmart the con men to ensure availability only to the right people?” As identity and access management (IAM) and threat management and response teams in the financial sector work together to address this question, they are leading the way as early adopters of identity security and posture management (ISPM) and identity threat detection and response (ITDR) solutions to detect and remediate identity security gaps that aren’t addressed by their identity infrastructure or existing security controls.

 

AuthMind is already working with leading organizations in financial services who have adopted AuthMind’s identity security posture management (ISPM) capabilities to continuously detect and remediate identity security gaps before these weaknesses can be exploited by attackers. This includes identifying when a user authenticates to an asset and is not performing MFA in accordance with an organization’s security policies, identifying forgotten and failed to authenticate service accounts, and detecting identities with compromised passwords, to provide a few examples of how AuthMind’s ISPM capabilities have helped.

 

AuthMind is also working with security operations center (SOC) teams at these same financial services firms to provide them with centralized visibility to all identities, both managed and unmanaged, to reduce response times and disrupt attacks in process. With AuthMind’s identity threat detection and response (ITDR) capabilities, SOC teams can combine information from all identity sources into a single view to quickly detect, investigate, and respond to security incidents involving compromised identities.

 

If you work in financial services and are coming to the FS-ISAC FinTech Summit, I’d love to see you there but if not, don’t hesitate to reach out if you’d like to discuss how AuthMind can help your organization address identity threats.