Financial Institution Adopts UpGuard for Breach Detection

Data leak detection helps continuously discover, assess and remediate exposures before they become breaches.

scroll down
Vendor Risk screen shot
BreachSight logo

This multinational provides a wide range of financial services. UpGuard helps prevent data breaches, by continuously scanning their own, as well as third-party vendors helps de-risk their exposure to suppliers and enables them to be proactive in managing third-party vendor risk.

92k

Data leak search results, from a preliminary UpGuard BreachSight scan.

70+

Unique vectors that are continuously searched by UpGuard BreachSight for data leaks.

14

Medium-to-high data exposures that were proactively discovered and closed, before they could impact our customer.

Company overview

Industry

Financial services

Overview

Multinational investment banking and financial services company.

Challenge

Suffered a recent data breach, and wanted to proactively do everything they could to ensure it would not happen again.

Solution

UpGuard BreachSight for Data Leak Detection

About our customer

UpGuard’s customer is a multinational investment banking and financial services company. This organization provides a broad range of personal and commercial banking, wealth management and investment banking products and services.

The challenge

This organization had recently suffered a data breach and wanted to do everything they could to ensure it would not happen again.

They approached us and were taken through a demo of UpGuard BreachSight. Preliminary BreachSight scans showed that they had exposed data from sensitive systems.

Due to normal budgeting cycles, their remediation project was in a pending status when the organization and another bank, were breached again. The organization had a well developed incident response capability. While many of the companies that we make disclosures to take days or weeks to take simple remediation steps, this organization was ready to deploy new tooling within a week to understand the full extent of their exposures.

The solution

The next week, the organization purchased UpGuard BreachSight. Per the onboarding process, the UpGuard team was provided a list of keywords related to the customer’s brand, and either names of business units they were operating, had acquired, or merged with their own properties. Additionally, the UpGuard BreachSight Research Team discovered additional domains used for development and internal processes.

Through the Data Leaks module, our researchers ran exhaustive searches using the provided keywords across 70+ exposure vectors including Amazon S3, Github, file transfer and database systems.

The results were similar to what we've found for other large financial services providers: fourteen previously unknown points of data exposure. After the initial onboarding and investigation of all open exposures, the UpGuard BreachSight Research Team has continued to work with our customer's threat intelligence team to identify, attribute and assess potential risks due to data exposures. Several of these have involved cases where the exposure is due to (and largely concerns) a third party, and during analysis, mentions of our customer have been discovered. This is one of the differentiating strengths of the UpGuard BreachSight platform: there are exposures that cannot be detected with surface level keyword searches but that can be detected during analysis.

Financial services providers are susceptible to third party risk, often needing to work with a variety of vendors to perform complex business functions such as payment processing, underwriting and fraud detection. Given the number of entities involved in the supply chain, it is very common for a third-party to experience an exposure through no fault of their own. UpGuard continues to assist this customer with third-party data exposures, as well as exposures from their internal systems.

The results

92k searches performed

Through a combination of automated searches and analyst interpretation, UpGuard BreachSight discovered over 92,000 keyword-based results that could be potential data leaks.

70+ vectors continuously monitored

Over 70 unique vectors are continuously searched by UpGuard BreachSight for data leaks, including cloud storage, file transfer, databases and code repositories.

14 data exposures assessed and closed

The initial results produced by the BreachSight engine determined that a total of 14 medium-to-high severity data exposures could impact our customer. Our customer was able to close these exposures, and prevent a full scale data breach.

Our initial BreachSight scan helped this customer prevent another potential data breach. However, the benefits of continuous scanning soon became apparent, with 24x7 monitoring put in place.

You’re in good company

Join hundreds of companies like yours using UpGuard to manage their cyber risk, secure their data and automate their security compliance.

quote start
UpGuard helps secure the New York Stock Exchange
Before, we needed an army to reconcile all of our changes. Now, we have an automated, scalable process that strengthens our regulatory stance, expands our coverage, reduces operational risk, and allows us to continuously improve our IT operation process.
quote end
quote end

Chuck Adkins

VP of Technology
New York Stock Exchange
NASA Logo Dark NYSE Logo Light
Morningstar Logo Light Akamai Logo Light
Bill Com Logo Light IAG Logo Light ICE Logo Light ADP Logo Light

See UpGuard In Action

Book a demo with one of our cybersecurity specialists.