Visa, FireEye Attack Cybercrime

Visa and FireEye have moved the announcement of their fraud-prevention partnership to the next level — with the launch yesterday (Oct. 13) of a new Cyber Intelligence Service. Visa Threat Intelligence, Powered by FireEye, is the first solution to come out of the partnership that Visa and FireEye launched in June.  

Designed to deliver real-time threat information to merchants and issuers, the service will provide subscribers with access to a Web portal that includes timely alerts on malicious actors, attack methods and trends, and in-depth forensic analysis from recent data breaches. The goal is to help the payments ecosystem receive data that they can turn into actionable information in a timely manner. Visa believes that gaining real-time insights into the attackers’ tactics, techniques and procedures (TTP) enable security analysts and incident responders to quickly prioritize and respond to the threats at hand.

Each week, merchants and card issuers receive thousands of alerts about possible cyber attacks, making it difficult to know which ones to focus on,” said Mark Nelsen, Senior Vice President of Risk Products and Business Intelligence, Visa Inc. “Visa Threat Intelligence removes the noise by assessing hundreds of threat indicators and serving up the most important and timely information. Users can then isolate and address those threats that are the most pressing and potentially damaging to their business and customers.”

Visa says that Visa Threat Intelligence is unique given its access to FireEye Data, which leverages its decade-long visibility at the front lines of major cyber attack investigations combined. In addition, data is derived in real time from 10M sensors deployed around the world. Subscribers will also gain access to subject matter experts from diverse domains who track and analyze the financial and political dimensions of cyber threats worldwide and who can provide a deep understanding of the human attackers behind threats – specifically as it relates to card theft.

Subscribers also have access to Visa data gathered from observed threats against the payment ecosystem. Attacks against merchants and financial institutions are continually analyzed to produce verified Indicators of Compromise (IOCs). Visa has one of the broadest spectrums of cyber threat information across the payment ecosystem as a result of its visibility into active payment card data compromises, a valuable source for understanding emerging threats to the payment ecosystem.

Subscribers are also able to participate, via access to a secure platform, to what Visa describes as “trusted communities [which] safely exchange real-time threat intelligence.” The sharing of information, of course, is viewed by the Visa and FireEye teams as a key aspect of this initiative. The ability to share “emerging indicators or compromise details” can be a critical step to isolating and shutting down a threat before it can harm multiple banks or merchants.  

“Leveraging community-based intelligence is crucial to a comprehensive defense strategy, because many attack groups run campaigns that target organizations with a similar profile,” Visa noted.

“Attack groups are exceptionally skilled at executing an attack across multiple organizations, identifying successful techniques and scaling those methods to an entire industry,” said Grady Summers, Chief Technology Officer at FireEye, Inc. “By partnering with Visa, we can provide targeted intelligence to the payments industry to combat the economies of scale that attackers employ and help create a community united in a common defense.”

But as the industry has shown, as cybercriminals get smarter, so must cyber intelligence. That’s why Visa and FireEye already have plans in the works to launch more solutions aimed at identifying malicious communications and recommending remediation steps in relation to network activity — including infection rates across the network.

Nelsen explained in a June interview with MPD CEO Karen Webster that major cyber attacks like those that hit JPMorgan Chase were the “eye-opener” for Visa executives, and sparked the security trends seen today — both because of the critical nature of security, but also the complexities that surround the issues.

“A heightened awareness of the types of breaches and types of attacks that are occurring led us to decide we need to partner more to figure out how we can really provide additional coverage and benefits to the ecosystem,” Nelsen said.

Rich Stegina, VP of Technology Alliance Partners at FireEye, underscored at the time why today is the time to continue developing more intelligent cyber services for the merchant and issuer community,

“There are a lot of new forms of payments coming out and because of that it opens the door for new types of vulnerabilities and new types of threat actors,” Stegina said.

This solution offers access to APIs to automatically feed threat indicator data into their own company security systems, as well as advanced tools that analyze and isolate malicious indicators from malware to identifying suspicious activity from IP addresses and domains.