IT Science Case Study: Detecting Advanced Cyber Threats

How IBC Bank used machine learning technology to improve its cybersecurity detection and response capabilities for advanced targeted attacks.


Here is the latest article in a new eWEEK feature series called IT Science, in which we look at what actually happens at the intersection of new-gen IT and legacy systems.

Unless it’s brand new and right off various assembly lines, servers, storage and networking inside every IT system can be considered “legacy.” This is because the iteration of both hardware and software products is speeding up all the time. It’s not unusual for an app-maker, for example, to update and/or patch for security purposes an application a few times a month, or even a week. Some apps are updated daily! Hardware moves a little slower, but manufacturing cycles are also speeding up.

These articles describe new-gen industry solutions. The idea is to look at real-world examples of how new-gen IT products and services are making a difference in production each day. Most of them are success stories, but there will also be others about projects that blew up. We’ll have IT integrators, system consultants, analysts and other experts helping us with these as needed.

Today’s Topic: How IBC Bank Successfully Detects, Responds to Zero-day Malware

This IT Science article is about how IBC Bank (IBC) used machine learning technology to detect, respond and minimize the impact of zero-day malware across its enterprise. It was put together using information from IBC Bank Senior Vice President and CISO John Byers based on this case study.

Name the problem to be solved: IBC, the flagship bank of International Bancshares Corp. and one of Texas’ largest holding companies, takes cyber threats seriously because the financial services sector is the most targeted industry globally, according to IBM’s X-Force Cyber Security Intelligence Index. In an effort to combat advanced threats and targeted attacks, IBC looked for a solution to improve its cybersecurity detection and response capabilities.

Describe the strategy that went into finding the solution: In today’s environment, it’s hard to keep up with emerging threats in a way that provides significant efficiencies to the security professionals on the front line.

“Security solutions generate too many alerts, leaving security pros swimming in threat intel and begging for automation,” Byers said. “Protecting our customers’ personal information is of the utmost importance, and in order to do that we deploy the best available solutions managed by our security experts.”

IBC turned to BluVector’s AI-driven network security solution, BluVector Cortex, to deliver fast and accurate malware detection that didn’t rely upon rules or signatures. “BluVector’s approach to detection and response with machine learning gave my team the confidence to respond to an alert, because it poses a real threat,” Byers said.

List the key components in the solution: BluVector Cortex uses supervised machine learning that delivers highly accurate detection rates of advanced threats in milliseconds. Automation aggregates threat and network data that incident response teams use as context for decision-making, shortening the response window from months or days to hours or minutes. As part of a broad security ecosystem, BluVector easily integrates with enterprise-grade cybersecurity infrastructure to bring together a best-of-breed approach to advanced threat detection.

Describe how the deployment went, how long it took, and if it came off as planned: Installed and operational within 30 minutes, BluVector Cortex provided IBC an immediate return in its first week of operation by detecting targeted attacks designed to circumvent traditional malware detection methods. IBC was also able to bolster its visibility into north-south and east-west traffic and gain additional context surrounding the source and intended destination of threats.

Describe the result, new efficiencies gained, and what was learned from the project: IBC’s decision to use BluVector Cortex resulted in significant success. In 2017, IBC faced a new zero-day ransomware threat known as Jaff. Before news about the new zero-day malware broke publicly, IBC’s threat team observed more than 2,000 instances of Jaff in just a week. Thanks to the BluVector Cortex platform, using its Machine Learning Engine (MLE) to sort through the millions of files on the network, the threat team detected Jaff before it even had a name. With that knowledge, the team then used its containment software to halt the further spread of the malware.

“I was impressed with how effective BluVector’s Machine Learning Engine for malware detection was in this case,” Byers said. “BluVector’s platform was the first and only vendor in our infrastructure to detect this event and, more importantly, deliver the surrounding context we needed to respond in a real-time manner.”

Describe ROI, carbon footprint savings, and staff time savings, if any: While IBC could have spent tens of millions of dollars through lost hours of worker productivity and impaired access for its customers, the bank ensured its continuity of operations with no significant effect across its enterprise network.

If you have a suggestion for an IT Science article, email [email protected]

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...