Leading Turkish Bank Enhances Cybersecurity with Deepinfo

Industry: Banking and Finance 
Solutions: External Attack Surface Management (EASM), Cyber Threat Intelligence (CTI), Brand Risk Protection (BRP)

A prominent Turkish bank with over 40 years of history and part of a global banking group serves millions of customers nationwide. Owning several subsidiary brands, the bank operates in a highly dynamic and competitive environment. As cyber threats become increasingly sophisticated, the bank recognized the need to bolster its cybersecurity posture to protect its assets, customers, and reputation.

  • Expanding Digital Footprint: The bank's extensive network of assets—including multiple domains, subdomains, IP addresses, and cloud services across various brands—made it challenging to maintain comprehensive visibility and control.
  • Sophisticated Cyber Threats: Facing persistent threats such as phishing attacks, fraudulent domains, and data breaches involving customer credentials and payment information.
  • Regulatory Compliance: Adhering to stringent financial regulations and data protection laws required robust cybersecurity measures and proactive risk management.
  • Existing Solutions Limitations: Despite using other cybersecurity products, the bank struggled with gaps in asset visibility and threat detection.
External Attack Surface Management (EASM)

Initially, the bank integrated Deepinfo's External Attack Surface Management (EASM) solution to gain complete visibility over their digital assets and identify potential vulnerabilities.

 

  • Smart Asset Discovery: Automatically identified all internet-facing assets, including unknown or forgotten ones associated with the bank and its subsidiary brands.
  • Continuous Scanning: Monitored assets in real-time for vulnerabilities, misconfigurations, and compliance issues across WHOIS, DNS, SSL, HTTP, open ports, and more.
  • Comprehensive Risk Detection: Assessed and prioritized vulnerabilities, enabling proactive remediation.
  • Remediation with Actionable Insights: Provided precise guidance to mitigate identified risks efficiently.
  • Complete Risk Scoring: Assigned risk scores based on vulnerability severity and potential impact.

 

Outcome from EASM Implementation

  • Enhanced Visibility: Discovered over 1,200 previously unknown assets, including legacy web applications and unsecured cloud instances.
  • Risk Reduction: Identified and remediated critical vulnerabilities, reducing the attack surface by 50%.
  • Improved Efficiency: Streamlined vulnerability management processes, saving time and resources.

 

Impressed by the results, the bank expanded their use of Deepinfo's platform to include Brand Risk Protection (BRP).

Brand Risk Protection (BRP)
  • Fraudulent Domain Monitoring: Detected and tracked unauthorized domain registrations and websites impersonating the bank or its subsidiary brands.
  • Managed Takedown Services: Assisted in removing fraudulent sites to prevent phishing attacks and protect customers.
  • Social Media Monitoring: Monitored social media platforms for unauthorized use of the bank's brand and logos.
  • Search Engine Monitoring: Identified harmful content associated with the bank in search results.

 

Outcome from BRP Implementation

  • Brand Integrity Preserved: Successfully detected and took down over 150 fraudulent domains and phishing sites within the first three months.
  • Customer Protection: Prevented numerous phishing attacks, safeguarding customers' personal and financial information.
  • Reputation Management: Maintained trust with customers by proactively addressing brand misuse.

 

To further enhance security, the bank implemented Deepinfo's Cyber Threat Intelligence (CTI) solution.

Cyber Threat Intelligence (CTI)
  • Compromised Client Credentials Monitoring: Detected if customer login information appeared on the dark web or in data breaches.
  • Compromised Payment Credentials Monitoring: Identified exposure of customer credit card information.
  • Threat Actor Intelligence: Provided insights into threat actors targeting the financial sector, including their tactics and techniques.
  • Data Breach Index: Accessed historical data breaches for analysis and pattern recognition.

 

Outcome from CTI Implementation

  • Early Threat Detection: Identified instances of compromised client credentials, allowing the bank to prompt password resets and notify affected customers promptly.
  • Fraud Prevention: Detected and mitigated potential fraud involving exposed credit card information.
  • Enhanced Threat Awareness: Gained valuable insights into emerging threats specific to the banking industry, enabling proactive defense strategies.

Results

  • Comprehensive Asset Visibility: Achieved full awareness of all digital assets across the bank and its subsidiary brands, eliminating blind spots.
  • Proactive Risk Mitigation: Reduced critical vulnerabilities by 70% through continuous monitoring and timely remediation.
  • Strengthened Brand Protection: Preserved brand integrity and customer trust by effectively combating phishing and fraud.
  • Improved Regulatory Compliance: Demonstrated proactive measures in protecting customer data and assets, aligning with financial regulations such as GDPR and PCI DSS.
  • Operational Efficiency: Optimized cybersecurity operations by integrating Deepinfo's solutions with existing workflows and systems.

 

Why Deepinfo?

  • Holistic Solutions: Provided a unified platform addressing multiple cybersecurity needs.
  • Actionable Intelligence: Delivered precise, easy-to-implement recommendations.
  • Scalable Platform: Adapted to the bank's growing asset base and evolving threat landscape.
  • Expert Support: Offered dedicated support and collaboration to maximize the platform's benefits.
  • Seamless Integration: Integrated smoothly with the bank's existing security tools and processes.
Deepinfo has been a game-changer for our cybersecurity strategy. Their EASM solution provided visibility into assets we didn't even know existed, allowing us to address vulnerabilities proactively. The addition of BRP and CTI has significantly enhanced our ability to protect our brand and customers from sophisticated threats. The platform's comprehensive approach and actionable insights have made it an indispensable part of our security operations.
Mehmet Demir
Chief Information Security Officer

Request Demo

Your information will be kept private.
Trusted by leading companies worldwide, the Deepinfo Security Platform is the preferred choice for continuously managing cyber threat exposure.