AI Threat Modeling: Securing Identities with Zero Trust in 2025

MT HANNACH


Financial services companies are battling increasingly sophisticated identity attacks aimed at stealing billions and disrupting transactions, destroying the trust that took years to build.

Cybercriminals continue to refine their skills, targeting the industry’s identity security gaps. From attempting to weaponize LLMs to using the latest adversarial AI techniques to steal identities and commit synthetic fraud, cybercriminals, crime syndicates and state actors are all preying on financial services.

Here’s how Rate Companies (formerly Guaranteed Rate) is tackling these increasingly complex identity-based attacks – and what other industries and business leaders can learn from their strategy.

How Rate Companies Defends Against AI-Driven Threats

Financial institutions face more than $3.1 billion in exposure to synthetic identity fraud, which increased by 14.2% over the past year, while deepfakes jumped 3,000% and are expected to further increase by 50 to 60% in 2024. Not to mention that SMS attacks, MFA fatigue and identity theft have become alarming.

As the second-largest retail mortgage lender in the United States, Rate handles billions of sensitive transactions through its systems daily, making the company a prime target for cybercriminals.

VentureBeat recently sat down (virtually) with Katherine Mowen, the financial institution’s senior vice president of information security, to gain insight into how it is orchestrating AI across Rate’s infrastructure, with a strong emphasis on protecting the identities of customers, employees and partners.

“Due to the nature of our business, we face some of the most advanced and persistent cyber threats,” Mowen told VentureBeat. “We’ve seen others in the mortgage industry get hacked, so we needed to make sure it didn’t happen to us. I think what we’re doing right now is fighting AI with AI.”

Mowen explained that AI threat modeling is crucial to protecting customer identities and the billions of dollars in transactions the company makes each year. She also pointed out that “even the best endpoint protections don’t matter if an attacker simply steals user credentials.”

This realization has driven Rate to improve identity-based anomaly detection and incorporate real-time threat response mechanisms. The company has adopted a zero trust framework and mindset, anchoring every decision around identity and continuous verification.

Today, Rate operates with a “never trust, always verify” approach to validating identities, which is a fundamental concept of zero trust. Using AI threat modeling, Rate can define least privileged access and monitor every transaction and workflow in real time, two additional cornerstones of a robust zero trust framework.

The company recognized the importance of addressing the shrinking window for detection and response: the average time to attack for cybercrime is now just 62 minutes. To meet this challenge, the organization adopted the “1-10-60” SOC model: 1 minute to detect, 10 minutes to triage and 60 minutes to contain threats.

Lessons from Rate on Building an AI Threat Modeling Defense

To scale and respond to the cyclical nature of the mortgage industry (staff can grow from 6,000 to 15,000 depending on demand), Rate needed a cybersecurity solution that could easily scale licenses and unify several levels of security. Each AI threat modeling vendor offers special pricing deals to bundle modules or applications to achieve this. The most relevant solution for Rate was CrowdStrike’s adaptable licensing model, Falcon Flex, which has allowed Rate to standardize on the Falcon platform.

Mowen explained that Rate also faced the challenge of securing each regional and satellite office with the least privileged access, monitoring identities and their relative privileges, and setting time limits for access to resources while constantly monitoring each transaction. Rate leverages AI threat modeling to precisely define least privileged access and to monitor every transaction and workflow in real time, two cornerstones necessary for building a scalable zero trust framework.

Here’s a look at Rate’s lessons learned from using AI to thwart sophisticated identity attacks:

Identity and credential monitoring is table stakes and this is where security teams need a quick win.

Rate’s information security team began tracking a growing number of complex and unique identity-based attacks targeting loan officers working remotely. Mowen and her team evaluated several platforms before selecting CrowdStrike’s Falcon Identity Protection because of its ability to identify often nuanced identity-based attacks. “Falcon Identity Protection gave us visibility and control to defend against these threats,” Mowen said.

Using AI to reduce the noise-to-signal ratio in the SOC and at endpoints should be a high priority

Rate’s previous provider generated more noise than actionable alerts, Mowen noted. “Now, if we’re alerted at 3 a.m., it’s almost always a legitimate threat,” she said. Rate selected CrowdStrike Falcon Complete Next-Gen Managed Detection and Response (MDR) and integrated Falcon LogScale and Falcon Next-Gen Security Information and Event Management (SIEM) to centralize and analyze log data in real time. “Falcon LogScale has reduced our total cost of ownership compared to the bulky SIEM we had before, and it is much simpler to integrate,” Mowen said.

Define a clear, measurable strategy and roadmap to ensure cloud security at scale

As the company continues to grow organically and through acquisitions, Rate needed cloud security that could expand, contract, and adapt to market conditions. Real-time visibility and automated detection of misconfigurations across cloud assets were essential. Rate also required integration into a diverse base of cloud environments, including real-time visibility across its entire information security technology stack. “We manage a workforce that can grow or shrink quickly,” Mowen said.

Look for every opportunity to consolidate tools to improve end-to-end visibility

For AI threat modeling to be successful in identifying attacks, endpoint detection and response (EDR), identity protection, cloud security, and additional modules must all be bundled into one console, Mowen pointed out. “Consolidating our cybersecurity tools into a cohesive system makes everything from management to incident response much more efficient,” she said. CISOs and their information security teams need tools to provide a clear, real-time view of all assets through a single monitoring system, capable of automatically reporting misconfigurations, vulnerabilities and unauthorized access.

“The way I see it, your attack surface isn’t just your infrastructure: it’s also time. How much time do you have to respond?” said Mowen, emphasizing that accuracy, precision and speed are essential.

Redefining Resilience: Identity-Centric Zero Trust and AI Defense Strategies for 2025

Here are some key insights from VentureBeat’s interview with Mowen:

  • Identities are under siege, and if your industry doesn’t see it yet, it will in 2025: Identities are considered a weak point in many technology stacks, and attackers are constantly tweaking their techniques to exploit them. AI threat modeling can protect credentials through continuous authentication and anomaly detection. This is essential to protect customers, employees and partners from increasingly deadly attacks.
  • Fight AI with AI: Using AI-based defenses to combat adversary AI techniques, including phishing, deepfakes, and synthetic fraud, works. Automating detection and response reduces the time it takes to identify and defeat attacks.
  • Always prioritize real-time responses: Follow Mowen’s lead and adopt the SOC “1-10-60” model. Speed is essential as attackers set new records for how quickly they can gain access to a corporate network and install ransomware, search identity management systems and redirect transactions.
  • Put zero trust at the heart of identity security, enforcing least privileged access, continuous identity verification, and monitoring every activity as if a breach had already occurred: Each organization must define its own unique approach to zero trust. The core concepts continue to prove successful, particularly in highly targeted industries including financial services and manufacturing. Zero Trust assumes that a breach has already occurred, making monitoring an essential part of any Zero Trust framework.
  • Where possible, automate SOC workflows to reduce alert fatigue and free up analysts for level two and three intrusion analysis: One of the key learnings from Rate is the effectiveness of AI threat monitoring when combined with process improvements within a SOC. Consider how AI and human expertise can be integrated to continuously monitor and contain evolving threats. Always consider how human-based workflow design improves AI accuracy while giving SOC analysts a chance to learn on the job.