Standard Bank has deployed RiskIQ’s suite of products to automate the discovery and threat analysis of brand infringement, cybercrime and web-based attacks against its digital presence.
The African Bank, which offers a range of banking and related financial services, has a presence in 20 countries across the continent as well as other selected emerging markets.
With it increasing its online presence across web, mobile and social channels, the bank realised its central security team lacked visibility into legitimate mobile applications published in the primary app stores being copied and distributed through secondary and affiliate app stores, which could be modified to be malicious, leading to brand and customer impact.
To automate the discovery and threat analysis of the full digital presence, Standard Bank selected RiskIQ as its digital threat management partner, using both RiskIQ Digital Footprint and RiskIQ External Threats solution.
RiskIQ now provides Standard with ‘in-depth information’ about its digital assets and highlights potential risks. The bank’s security team uses this information to ensure compliance with corporate standards and central visibility of all digital assets, alerting them to changes such as new redirections appearing on webpage links. The team also uses RiskIQ intelligence to clean up domain and certificate registrations and find and update older untrusted certificates across its web estate.
“The intelligence provided by RiskIQ has enabled visibility and collaboration between our central and decentralized teams to continually improve our security posture and protect the bank and our customers from cyber threats,” said Robin Barnwell, Head: PBB IT Security. “RiskIQ has now become the CMDB for our Digital Footprint assets.”
To uncover brand-related threats, Standard Bank uses Mobile Threats and Domain Infringement, both part of RiskIQ’s External Threats solution.
Using Mobile Threats, the security team can track where apps are published and request the removal of apps that end up in unauthorised stores, as well as identify and track mobile apps not owned by them that leverage their brands. The Standard Bank team also uses the Domain Infringement module to identify newly-registered domains that infringe on its brand.
RiskIQ provides a range of solutions, including threat intelligence, brand protection, email security phishing, social media security, mobile app monitoring, incident response, security operations center and digital ad quality, among others. For Compliance, RiskIQ Digital Footprint provides automated discovery and intelligence on internet-facing assets connected to a business, allowing security teams to pinpoint exposures and reduce an organisation’s digital attack surface.
After discovery, Digital Footprint provides faster prioritization of remediation activities through the correlation of exposed digital assets, vulnerabilities, and and security gaps. Automated analysis classifies and validates security controls, including our new PII/GDPR analytics that tag assets that collect personally identifiable information (PII) or track visitors using cookies.
Copyright © 2018 RegTech Analyst
Copyright © 2018 RegTech Analyst