Leading Bank Reduces Takedown Time from Months to Hours with Bolster
“Bolster is able to weave through all of the potentially malicious domains and identify the most critical or active ones, and then take them down all in the same platform.”
Threat Intelligence Manager at Leading Bank
As a major bank, with over 33 billion in assets, this Bolster customer offers the whole gamut of financial services for their customers, including investment banking, credit services, home and auto lending, as well as the standard checking and savings accounts. Named as one of America’s Best Banks for six years in a row, this organization prioritizes a positive customer banking experience.
With numerous subsidiaries, over 3,000 employees, and customers around the world, this leading bank has many moving parts for their internal team to oversee. As part of the financial industry, this bank experiences many of the common cybersecurity and regulatory pressures that come with overseeing money and personal information.
Similar to many financial corporations, this leading bank was experiencing a heightened number of cyber threats targeting their large network of employees and customers. Due to the easily replicable nature of their company name (think common nouns and words that are easy to misspell), the organization faced an overwhelming number of lookalike domains.
It was not feasible for this bank to purchase all of the lookalike domains, given how many are registered and live, and how much it would cost to own every possible version of their legitimate domain. The typosquat domains weren't always malicious and active, but at the rate they were popping up it was hard for the bank to keep track of which were potential threats. Without the right tools to determine the risk level associated with each typosquat domain, domain management was left to their internal teams to monitor for risks.
“We just aren’t going to buy up the thousands and thousands of domains that are out there and similar to ours,” says the bank’s Threat Intelligence Manager. “We just have to monitor.”
The marketing and communication team at the bank was struggling to monitor for malicious uses of their brand for phishing attacks across the internet, each of which was potentially damaging to the company image. And while the business’s internal legal team was there to conduct domain takedowns when needed, cyber threats were not their only responsibility. This meant that when cyber risks were brought to their desk, they weren’t always able to deal with them immediately and sometimes took months to take a website down.
The Burden of Proof
This leading bank has an internal threat intelligence team focused on discovering risks, but the team quickly realized that a technical solution would be required to monitor the vast landscape of typosquat domains. Their internal legal team was pulled in many different directions, so it was important for their time to be spent only on security issues that were proven to be malicious. It was critical for the business that the threat intelligence team ensure domain takedown requests are backed by proof that a site is malicious.
Depending on the origin of the malicious domain, the team could be trying to make contact with domain hosting providers around the world. Different geographic locations require different legal hoops, so it’s critical that time is spent on gathering the correct evidence for the malicious domains. Obtaining proof can be difficult and requires many manual hours scanning domains and figuring out which are malicious, which are using branded assets, and which might just be sitting dormant. Even with common internet scanning technology that points out where potential typosquat threats exist, this leading bank was left spending weeks to months at a time narrowing down the biggest dangers to their business.
After comparing a few different digital risk protection technologies, this leading bank chose Bolster’s leading typosquat monitoring and automatic takedown technology to efficiently combat their phishing, brand, and reputational threats. By integrating with Bolster, the organization was able to reduce the pressure on internal teams and trust the technology to conduct automatic daily scans for threats across the internet.
Originally introduced to Bolster through Bolster’s open source phishing threat intel service Checkphish, the leading bank ultimately decided to integrate with Bolster after discovering the all-in-one capabilities of the product. “When we realized we could not only detect malicious domains, but also conduct takedowns all in Bolster’s platform, it removed another step from the process that we could do all with the same technology,” says the organization’s Threat Intelligence Manager. Bolster also fits seamlessly into the organization’s tech stack, helping verify threat data collected through varying sources.
The Power of AI
Another major win for the bank was to have access to the scanning data Bolster picked up day to day. By being able to visualize the evidence Bolster collects when scanning typosquat domains, whether it was the use of their company name, logos, or other branded assets, the bank could trust Bolster’s innovative detection capabilities, while learning about the types of hackers targeting their brand. Access to the scanned images also helped the team weed through the less pressing issues and focus on the biggest threats.
The Bolster image scanning technology and artificial intelligence became a trusted tool in their process, because Bolster would catch malicious domains not only when the text or images matched, but also when the content on the page was similar enough to the legitimate business. Even if the color or font on the malicious websites was slightly different, which is common with some of the crypto scams that have targeted their organization, Bolster’s AI-powered engine still detects it, and analyzes the page with human-like knowledge of similarities.
With access to Bolster’s scanning data and trusted takedown technology, this leading bank reduced their average time to take down a malicious website from over 30 days to less than 12 hours. Before Bolster, the bank’s manual process of detecting a threat and deciding whether to move it to the takedown stage resulted in a lengthy active period for the malicious domains. With Bolster, the company trusts that threats will be detected as soon as they become malicious, and then taken down automatically, without any interaction needed from the internal team.
“I had logged off one Friday afternoon before a malicious site went active. Bolster took it down quickly, even after our internal group had started their weekend. I didn’t have to do anything,” says the bank’s Threat Intelligence Manager.
The team is confident in Bolster’s ability to take down sites as soon as they become malicious, but also to monitor potentially threatening domains that don’t need action taken yet. Relying on Bolster to monitor threat activity on potentially malicious sites has relieved a lot of the pressure on the internal security team and helped give back time to focus on larger security initiatives.
Bolster has also given time back to the marketing and communication teams at the bank, who were previously actively involved in the monitoring and threat detection process. With Bolster’s daily scanning and machine learning technology actively assessing brand impersonation threats, the internal teams no longer have to spend time evaluating threats themselves. Bolster actively helps safeguard the company’s brand, but also protects critical PII (personally identifiable information), helping the organization maintain its trusted reputation in their industry.
The difference Bolster has made in company operations and protecting brand reputation has been felt across the board, even helping the security and risk teams relay the team’s successes and program status to their company leaders. “Management above me know who Bolster is, and the success we’ve had with takedowns. They couldn’t be happier with the solution,” says the bank’s Threat Intelligence Manager.
“Bolster was monitoring a typosquat domain, and for months and months it remained dormant. There was never concerning activity, so we didn’t expect anything of it. Then a few weeks ago a page actually went live on it, and Bolster took it down within hours. We didn’t have to worry.”
Customer Success that Works for Your Business Needs
On top of the program benefits Bolster has brought to the table for this leading commercial bank, they’ve also enjoyed working with Bolster’s robust team of customer success and SOC professionals.
“The SOC team is amazing, they work so fast and have stuff taken down before I’ve even seen the threat alert in my inbox,” says the company’s Threat Intelligence Manager. “It’s been a fantastic and easy experience.”
The leading bank has found that Bolster’s SOC team responds quickly to detected security events and trusts the team to act on the organization’s behalf when deciding to conduct automatic takedowns, drastically reducing the lifespan of the typosquat domains targeting their network. The Bolster customer success team has also reacted efficiently to inquiries from the organization’s security team and has provided support and proactive problem solving when the bank needed it.
“It’s been a fantastic and easy experience; I couldn’t be happier with the product.”
Bolster customers experience a 278% ROI when integrating our digital risk protection services into their programs. If your team is interested in how Bolster can work for you, request a demo with our customer-centric team today.