Case Study: BBCN Bank - Exabeam

Detecting Lateral Movement and Service Account Activity

Financial Services
Use Case

Headquartered in Los Angeles, for more than 30 years BBCN Bank has been serving the largest Korean community in the U.S., as well as a diverse mix of customers in over 59 full-service branches and Loan Production Offices throughout the nation.

With more than $7.8 billion in assets, the strength of BBCN lies in its experienced management team and our focus on responsible risk management practices. The organization’s expertise in small business lending, C&I lending, and international trade finance sets BBCN Bank apart from other community banks.

Security Environment

The bank has invested in a variety of security technologies and techniques, including SIEM, log management, penetration testing, and privileged account management, endpoint detection and response, etc.

Security Concerns

BBCN had concerns that were typical in the current environment, and primarily related to credential-based threats. Of primary concern was the use of service account credentials to move laterally across the corporate network to access sensitive data. A related concern is the use of account switching to avoid detection during lateral movement. BBCN wanted to ensure that it had an effective solution in place to detect lateral movement and to monitor and understand behavior from service and privileged accounts, as well as a means to detect users switching identities across accounts – including service accounts.

Existing Environment

BBCN has a broadly-deployed SIEM solution in place. The SIEM solution is a Leader in the Gartner Magic Quadrant and is considered to be a market-leading technology. However, it required excessive human oversight, especially to create and update correlation rules. The effort to create new rules was significant and complex. In addition, even this marketleading SIEM solution had challenges detecting compromised accounts; the SIEM simply wasn’t designed to detect complex credential-based attacks.

With a small team, BBCN required a solution for detecting lateral movement and credential based attacks that did not place an undue burden on the security operations staff. To solve this challenge, BBCN piloted and selected Exabeam.