ForgeRock offers AI-based solution for identity-based cyberattacks

ForgeRock, a global identity and access management company, has introduced ForgeRock Autonomous Access, a new application that uses AI to prevent identity-based cyberattacks and fraud. 

The application monitors login requests in real-time to block malicious attempts and add authentication steps for anomalous behavior, while streamlining access for authorized users.

“We believe that modern AI-driven solutions have the ability to protect organizations and their customers and employees from damaging and costly cyberattacks and fraud,” says Peter Barker, chief product officer at ForgeRock. “Our approach is to use AI to stop bad actors at a massive scale and reduce the risk of account takeovers.”           

ForgeRock Autonomous Access is a SaaS solution embedded into the ForgeRock Identity Cloud, a comprehensive identity and access management (IAM) platform, and will be available in June, according to Barker.

Autonomous Access is supported by a proprietary combination of algorithms powered by AI, machine learning — a subset of AI where, for example, predictions and threat assessment become more precise as a system ingests more data — and advanced pattern matching.

“ForgeRock Autonomous Access enhances the vendor’s existing and intuitive workflow design tools to enable intelligent orchestration of risk-based and low-friction identity security that easily adapts to meet each organization’s unique requirements,” says Steve Brasen, research director at consulting firm Enterprise Management Associates.

AI models trained to detect anomalous behavior

The application uses multiple AI models to detect anomalous behavior, including UEBA (user and entity behavior analytics) for regular users, and other models for first-time and infrequent users. Additionally, it uses machine learning to analyze data fed back from each login session, indicating whether activity flagged as anomalous turned out to be a known user or a failed login attempt.

On top of this, the application uses pattern-matching heuristics to stop known threats such as bot attacks, credential stuffing, logins from suspicious IP addresses, and other forms of cyberattack.

“ForgeRock’s continued investment in AI across its platform helps customers with what they need — the ability to make intelligent decisions quickly and with confidence,” says Martin Kuppinger, founder and principal analyst at KuppingerCole. “Antifraud capabilities are important and need to complement existing services that customers use. Autonomous Access is a complementary solution that comes fully integrated with ForgeRock’s user journey orchestration.”

No-code interface streamlines processes for admins

ForgeRock Autonomous Access aims at eliminating costly deployment and integration of disparate point solutions. It’s also designed to enable IT admins to create any number of personalized user access journeys with a drag-and-drop, no-code interface.

This feature allows IT admins to design tailored experiences for every login attempt based on its level of risk. For instance, known users with low risk scores can be offered options like passwordless authentication, while those showing anomalous behavior can be prompted for added authentication, or blocked and sent on different journeys for further analysis and remediation.
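The routing described in this section (low-risk known users go straight to a passwordless journey, anomalous attempts get a step-up, known-bad patterns are blocked, and session outcomes feed back into the baseline) can be illustrated with a small risk engine. The code below is an added example written for this page; it is not ForgeRock code and does not reflect how Autonomous Access scores requests. The feature weights, thresholds, journey names, the sample "suspicious IP" list and the constructed login attempts are all hypothetical.

```python
"""Toy risk-based login decisioning (hypothetical example, not ForgeRock code).
All weights, thresholds and sample data below are constructed for illustration."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed placeholder for a threat-intel feed of known-bad source addresses.
SUSPICIOUS_IPS = {"203.0.113.9"}


@dataclass
class LoginAttempt:
    username: str
    ip: str
    device_id: str
    country: str
    timestamp: datetime


@dataclass
class UserProfile:
    """Per-user baseline learned from successful sessions (the feedback loop)."""
    known_devices: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)
    logins: int = 0


class RiskEngine:
    """Scores each login attempt and routes it to one of three journeys."""
    WINDOW = timedelta(minutes=5)
    STUFFING_THRESHOLD = 10   # distinct usernames from one IP inside WINDOW

    def __init__(self):
        self.profiles = defaultdict(UserProfile)
        self.ip_history = defaultdict(deque)   # ip -> deque of (time, username)

    def _credential_stuffing(self, attempt):
        """Heuristic: one source address trying many different accounts quickly."""
        hist = self.ip_history[attempt.ip]
        hist.append((attempt.timestamp, attempt.username))
        while hist and attempt.timestamp - hist[0][0] > self.WINDOW:
            hist.popleft()
        return len({user for _, user in hist}) >= self.STUFFING_THRESHOLD

    def score(self, attempt):
        """Return (risk score, reasons). Weights are constructed, not tuned."""
        profile = self.profiles[attempt.username]
        score, reasons = 0, []
        if attempt.ip in SUSPICIOUS_IPS:
            score += 60; reasons.append("suspicious_ip")
        if self._credential_stuffing(attempt):
            score += 80; reasons.append("credential_stuffing")
        if profile.logins == 0:
            # First-time user: no baseline yet, so treat as moderately risky.
            score += 30; reasons.append("first_time_user")
        else:
            if attempt.device_id not in profile.known_devices:
                score += 25; reasons.append("new_device")
            if attempt.country not in profile.usual_countries:
                score += 25; reasons.append("new_country")
        return score, reasons

    def decide(self, attempt):
        """Map the score onto a journey: passwordless, step_up or block."""
        score, reasons = self.score(attempt)
        if score >= 60:
            journey = "block"
        elif score >= 25:
            journey = "step_up"
        else:
            journey = "passwordless"
        return journey, score, reasons

    def record_outcome(self, attempt, success):
        """Feedback from the finished session: a successful login (including a
        passed step-up) makes this device and country part of the user's baseline."""
        if success:
            profile = self.profiles[attempt.username]
            profile.known_devices.add(attempt.device_id)
            profile.usual_countries.add(attempt.country)
            profile.logins += 1


def run_demo():
    """Replay constructed login attempts and return the journey chosen for each."""
    engine = RiskEngine()
    t0 = datetime(2022, 5, 2, 9, 0, 0)
    journeys = []
    # 1. Alice's first login ever: no baseline, so a step-up is required.
    a1 = LoginAttempt("alice", "198.51.100.20", "laptop-1", "US", t0)
    journeys.append(engine.decide(a1)[0]); engine.record_outcome(a1, True)
    # 2. Same device and country an hour later: low risk, passwordless journey.
    a2 = LoginAttempt("alice", "198.51.100.20", "laptop-1", "US", t0 + timedelta(hours=1))
    journeys.append(engine.decide(a2)[0]); engine.record_outcome(a2, True)
    # 3. New device from a new country: anomalous, step-up again.
    a3 = LoginAttempt("alice", "198.51.100.77", "phone-9", "DE", t0 + timedelta(hours=2))
    journeys.append(engine.decide(a3)[0])
    # 4. Ten different usernames from one address within five minutes: blocked.
    for i in range(10):
        burst = LoginAttempt(f"user{i}", "192.0.2.55", "bot", "XX", t0 + timedelta(hours=3, seconds=i))
        last = engine.decide(burst)[0]
    journeys.append(last)
    # 5. Known device and country but a listed suspicious source address: blocked.
    a5 = LoginAttempt("alice", "203.0.113.9", "laptop-1", "US", t0 + timedelta(hours=4))
    journeys.append(engine.decide(a5)[0])
    return journeys


if __name__ == "__main__":
    print(run_demo())
```

The point of the feedback step is that the same user on the same device is not asked to step up twice: once a session succeeds, the device and country join the baseline and later logins from them score zero. A real deployment would replace the constructed weights with trained models and the static set with a live intelligence feed.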

“Smarter protection through AI empowers IT admins to make intelligent decisions more quickly, and with a higher degree of confidence, which leads to lower deployment costs and easier integration,” adds Barker.

Ransomware plagues finance sector as cyberattacks get more complex

Ransomware plagues financial institutions, which face increasingly complex threats compared with previous years owing to the changing behavior of cybercriminal cartels, according to VMware’s latest Modern Bank Heists report.

This has happened as the cybercrime cartels have evolved beyond wire transfer frauds to target market strategies, take over brokerage accounts, and island-hop into banks, according to the report. 

For the report, VMware surveyed 130 financial sector CISOs and security leaders from across different regions including North America, Europe, Asia Pacific, Central and South America, and Africa.

Report findings were consistent with observations by other security experts. “The Secret Service, in its investigative capacity to protect the nation’s financial payment systems and financial infrastructure, has seen an evolution and increase in complex cyber-enabled fraud,” says Jeremy Sheridan, former assistant director at the US Secret Service. “The persistent, inadequate security of systems connected to the internet provides opportunity and methodology.”

Conti ransomware reported as most prevalent

Ransomware continues to plague companies, with 74% of the surveyed security leaders reporting that they experienced one or more attacks in the past year, and 63% saying they ended up paying ransom. Conti ransomware was found to be the most prevalent.

Sixty-three percent of the respondents acknowledged experiencing an increase in “destructive attacks” in which cybercriminals destroy data and evidence of their intrusion. This was a 17% jump from last year. These attacks involve malware variants that destroy, disrupt or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code.

Although 71% of the survey participants noted increased wire transfer fraud in their organizations, many said that cybercriminals have moved on from activity related to wire transfers and access to capital, to targeting non-public market information. Two out of three (66%) financial institutions experienced attacks targeting data related to market strategies.

“The market strategies that are most targeted are long-term portfolio positions, confidential merger and acquisition information, and IPO filings,” says Tom Kellermann, head of Cybersecurity Strategy at VMware. “Modern market manipulation aligns with economic espionage and can be used to digitize insider trading.”

Additionally, security leaders in 63% of the financial institutions polled said they experienced an increase in brokerage account takeover, up from 41% last year. Attackers are increasingly leveraging compromised login credentials to move freely in the network and gain access to the brokerage accounts.

Survey respondents also said they observed Chronos attacks, a term borrowed from the Greek god of time, which involve manipulating time stamps on security trades. Sixty-seven percent of financial institutions reported Chronos attacks and 44% of such attacks targeted market positions.

“Although the damage radius of Chronos attacks isn’t large, manipulating time undermines safety, soundness, trust, and confidence in the financial sector,” says Kellermann. “Financial institutions need to keep a close eye on the clock and ensure that security teams are prepared to protect the integrity of time.”

Island hopping has emerged as one of the most threatening attack trends and was reported as affecting 60% of the financial institutions polled, a 58% jump from last year. In island hopping, cybercriminals study the interdependencies of financial institutions and work out which managed service provider (MSP) each uses. This, in turn, allows them to target those providers in order to island hop into the bank.

Cryptocurrency exchanges have emerged as a bigger concern over the years and about 83% of respondents expressed concerns over their security.

Top defenses for financial firm CISOs

The report has recommended a few top defenses for CISOs and security leaders to defend against these attacks:

  • Integrate NDR with EDR: network detection and response (NDR) needs to integrate with endpoint detection and response (EDR) for real-time, continuous monitoring of systems to detect and investigate potential threats.
  • Apply micro-segmentation: restricting lateral movement by enforcing trust boundaries will also improve detection.
  • Deploy decoys: utilize deception technology to divert the intruder.
  • Implement DevSecOps and API security: introduce security early in the application development life cycle.
  • Automate vulnerability management: prioritize by risk to focus on high-risk vulnerabilities.

“Investments in API security and workload security are necessitated, and increased dialogue between the surveillance department and information security departments must occur to thwart digital front-running,” says Kellermann. “The CISO must also report to the CEO and regularly brief the Board in order to ensure a smooth flow of discussion and transparency.”

Top 8 cybersecurity predictions for 2022

As global economies look to exit the pandemic chaos, there is a cloud of uncertainty around navigating the new normal. While enterprises tout their efforts to accelerate digital transformation efforts, for security leaders in business there is a dark side to the rapid deployment of new technology.

Remote work, virtual meetings, hybrid cloud networks, and SaaS adoption have all brought about complex IT infrastructures that are opening up new threat avenues. Meanwhile, CSOs also must help ensure their organizations are in compliance with new regulations.

The recent onslaught of attacks, network vulnerabilities, and new compliance regimes means CSOs have their work cut out for them as they enter 2022. CSO has collected insights from analyst firms and industry experts to arrive at a list of top cybersecurity predictions for the year. 

1. Companies to prioritize supply chain resiliency, responsible sourcing

Threat actors are progressively targeting smaller vendors and suppliers, making supply chain, or third-party, breaches almost inevitable. There have been a growing number of reports of third-party incidents plaguing firms. “60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements,” according to a Gartner prediction report. Before onboarding new suppliers or renewing contracts, companies will demand agreement on policies stipulating that their vendors will assume the risk of third-party attacks, paying for costs of remediation, the report suggests.

2. Privacy legislation will accelerate globally

As data residency continues to be one of the most important components of security, modern privacy laws could be expected to cover the personal information of 75% of the worldwide population, according to the Gartner prediction report. “The sheer scope of laws like GDPR, LGPD [Brazil’s general data protection law], and CCPA [the California Consumer Privacy Act] suggests that compliance officers will be managing multiple data protection legislation in various jurisdictions, and customers will want to know what kind of data is being collected and how it’s being used,” said the Gartner prediction report. According to Ben Smith, field CTO at network security company Netwitness, the flexibility of an organization’s IT architecture will become even more important as new privacy regulations are passed and enforced. “Regardless of your corporate size, if you are charged with securing your global organization, be thinking about your own architecture and where the data is collected, where it lives, and where it is handled,” Smith says.

3. Hiring of resident compliance officers will pick up

As organizations face new regulations, there will be a demand for resident compliance officers to help navigate through the complex and evolving dictates. “Compliance officers will certainly rise on the recruiters’ agenda as regulatory bodies mandate there be a ‘single throat to choke,’” says Liz Miller, an analyst from Constellation Research. “Although, that’s exactly the opposite of what we need. What we do need are skilled tacticians and strategies, which can be trusted voices and leaders within (and across) an organization, capable of translating the complexity of new (and constantly shifting) global regulations into real business value for everyone from the CEO to the mailroom.”

4. Bossware will affect employee engagement and insider threats

With a major chunk of the global workforce forced to work from home by the pandemic, there is an upsurge in the usage of software that allows supervisors to monitor employees at all times. This has upset the remote working ecosystem to some extent, escalating employee distress. “Tattleware (also bossware) will degrade employee experience by 5% and increase insider threats in 2022,” according to a security prediction report by Forrester. “Employee backlash will grow as firms overreach, leading to an appreciable drop in technology satisfaction and employee engagement.” This, according to the report, may also lead to CISOs overcorrecting by reducing the scope of insider threat programs, thereby increasing risks.

5. Security products, supplier management will be consolidated

With major business processes moving to complex cloud environments, there will be a push on the part of enterprises to streamline management of security product suppliers. According to the Gartner prediction report, enterprises will look to adopt cloud-delivered secure web gateways (SWGs), cloud access security brokers (CASBs), zero trust network access (ZTNA), and firewall as a service (FWaaS) capabilities from the same vendor.

Vendors themselves will consolidate features formerly found in separate applications. “The growing complexity of cloud, cloud-native and devops environments will also lead to consolidation of functionality, with vendors tackling use cases from IT observability for security to cloud security posture management (CSPM), cloud workload protection, cloud asset attack surface management, and more,” says Scott Crawford, research director for information security at 451 Research.

6. Spending on threat detection and response to grow

As significant malware campaigns — including ransomware, spearphishing, and sideloading attacks — proliferated in 2021, CISOs started focusing on getting ahead of cyberattackers in order to protect their businesses. “In 2022, we expect the many high-profile and far-reaching attacks in 2021 to drive further spending in threat detection and response — the area most frequently reported by respondents to our 451 Research Voice of the Enterprise: Information Security surveys, where they either have deployments in pilot/POC or plan to deploy in the next 6-24 months,” says 451’s Crawford.

7. Cyberinsurance premiums will increase

Cyberinsurance will be more expensive, with premiums shooting up, in the wake of recent high-profile cyberattacks. “Cyberinsurances are much more expensive these days as costs surge, and are most likely to continue soaring,” says Constellation’s Miller. “Insurances are like double-edged swords: While they do provide security coverage and have become a ‘must-have’ for organizations, they have also alerted the attackers to asking for even more ransom in the attacks, knowing it’s all covered.” Insurers, hurting from the losses assumed from old policies, are increasing prices by 25%-27% on average, she noted.

8. Use of CDT (customer data tokens) and BAT (basic attention tokens) to rise

Several experts have been predicting the launch of blockchain-enabled tokens as compensation to security-conscious customers for gathering and using their data. “In the coming few years, 25% of the Fortune Global 500 will employ blockchain-enabled CDT and BAT to compensate their customers,” according to a report by IDC.

“The idea of compensating visitors/customers with tokens for their time, data, or mere attention has long been an attractive concept to marketers who keep watching the impact and outcomes of their media investments,” adds Constellation’s Miller, citing Brave, an open-source web browser. “One such model recently announced by Brave could be a testing ground to see if even the most privacy-aware and sensitive users like Brave users are willing to watch ads or engage with ad-sponsored content in exchange for a BAT that could be used to support publishers and content producers.” Brave encourages users to turn on optional ads in exchange for BATs as a reward for their attention to the generated content. Users may pass their tokens to publishers as a way to support selected sites or retain them to, for example, exchange them for premium content.