AI Threat Modeling: Securing Zero Trust Identities in 2025



Financial services companies are grappling with increasingly sophisticated identity-based attacks aimed at stealing billions and disrupting transactions, ultimately destroying the trust that took years to build.

Cybercriminals continue to improve their tradecraft, targeting gaps in identity security across the industry. From trying to weaponize LLMs to using the latest AI technologies to steal identities and commit synthetic fraud, cybercriminals, crime syndicates, and nation-state actors are targeting financial services.

Here’s how Rate Companies (formerly Guaranteed Rate) is fighting back against these increasingly sophisticated identity-based attacks, and what leaders of other industries and organizations can learn from its strategy.

How Rate Companies Defend Against AI-Driven Threats

Financial institutions face more than $3.1 billion in exposure to synthetic identity fraud, which rose 14.2% last year, while deepfakes jumped by 3,000% and are expected to rise another 50 to 60% in 2024. Not to mention, SMS-based attacks, MFA fatigue, and deepfake impersonation are becoming alarmingly common.

As the second-largest retail mortgage lender in the United States, Rate has billions of sensitive transactions flowing through its systems daily, making the company a prime target for cybercriminals.

VentureBeat recently sat down (virtually) with Katherine Mowen, senior vice president of information security at the financial institution, to gain insight into how AI is orchestrated across Rate’s infrastructure, with a strong focus on protecting the identities of customers, employees, and partners.

“Because of the nature of our business, we face some of the most advanced and persistent cyber threats,” Mowen told VentureBeat. “We had seen others in the mortgage industry get hacked, so we needed to make sure that didn’t happen to us. I think what we’re doing now is fighting AI with AI.”

Mowen explained that AI threat modeling is critical to protecting customer identities and the billions of dollars in transactions the company makes each year. She also stressed that “even the best endpoint protections don’t matter if an attacker simply steals a user’s credentials.”

This realization prompted Rate to enhance identity-based anomaly detection and incorporate real-time threat response mechanisms. The company has adopted a zero trust framework and mindset, anchoring every decision around identity and constant verification.

Today, Rate operates on a “never trust, always verify” approach to validating identities, which is the core concept of Zero Trust. Using AI threat modeling, Rate can identify least privileged access and monitor every transaction and workflow in real-time, two additional cornerstones of a robust Zero Trust framework.

The company recognized the importance of addressing the increasingly short window for detection and response, as the average breakout time for cybercrime is now only 62 minutes. To address this challenge, the organization adopted the “1-10-60” SOC model: 1 minute to detect, 10 minutes to triage, and 60 minutes to contain threats.
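
One way a SOC could score its incident timelines against the 1-10-60 targets and the 62-minute figure above. This is an added example, not code from Rate, CrowdStrike or VentureBeat. The incident records and field names are constructed, and it assumes each phase is timed from the end of the previous one.

```python
from datetime import datetime

TARGETS_MIN = {"detect": 1, "triage": 10, "contain": 60}  # the "1-10-60" model
BREAKOUT_MIN = 62  # 62-minute figure cited in the article

# Constructed sample timelines (illustrative only, not real incident data).
INCIDENTS = [
    {"id": "INC-1", "first_activity": "2025-01-06T03:00:00", "detected": "2025-01-06T03:00:40",
     "triaged": "2025-01-06T03:08:10", "contained": "2025-01-06T03:41:00"},
    # Meets every phase target, yet the total exceeds the 62-minute window.
    {"id": "INC-2", "first_activity": "2025-01-07T14:00:00", "detected": "2025-01-07T14:01:00",
     "triaged": "2025-01-07T14:10:00", "contained": "2025-01-07T15:05:00"},
    # Slow detection, and still open (never contained).
    {"id": "INC-3", "first_activity": "2025-01-08T09:00:00", "detected": "2025-01-08T09:12:00",
     "triaged": "2025-01-08T09:20:00", "contained": None},
]
STAGES = [("detect", "first_activity", "detected"),
          ("triage", "detected", "triaged"),
          ("contain", "triaged", "contained")]

def minutes_between(start, end):
    """Elapsed minutes, or None if a timestamp is missing or out of order."""
    if not start or not end:
        return None
    delta = (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds()
    return delta / 60 if delta >= 0 else None

def evaluate(incident):
    """Assumption: each phase is timed from the end of the previous phase."""
    phases = {name: minutes_between(incident[a], incident[b]) for name, a, b in STAGES}
    # A phase with no usable duration counts as missed, not as compliant.
    missed = [n for n, m in phases.items() if m is None or m > TARGETS_MIN[n]]
    complete = all(m is not None for m in phases.values())
    total = sum(phases.values()) if complete else None
    return {"id": incident["id"], "phases": phases, "missed": missed, "total_min": total,
            "inside_breakout": total is not None and total < BREAKOUT_MIN}

def compliance(incidents):
    """Fraction of incidents that met each phase target."""
    results = [evaluate(i) for i in incidents]
    return {n: sum(n not in r["missed"] for r in results) / len(results) for n in TARGETS_MIN}

if __name__ == "__main__":
    for r in map(evaluate, INCIDENTS):
        print(r["id"], "missed:", r["missed"] or "none", "total:", r["total_min"],
              "inside breakout:", r["inside_breakout"])
    print(compliance(INCIDENTS))
```

Under the sequential-timing assumption, INC-2 passes all three targets but still takes longer than 62 minutes end to end, so the total is worth tracking alongside the per-phase numbers.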

Lessons learned from Rate on building an AI threat modeling defense

To scale and address the cyclical nature of the mortgage industry — headcount can grow from 6,000 to 15,000 depending on demand — Rate needed a cybersecurity solution that could easily scale licensing and unify multiple layers of security. Each AI threat modeling vendor has special pricing offers for bundling modules or applications together to achieve this. The solution that made the most sense for Rate was CrowdStrike’s adaptable licensing model, Falcon Flex, which allowed Rate to standardize on the Falcon platform.

Mowen explained that Rate also faced the challenge of securing each regional and branch office with least privileged access, monitoring identities and their relative privileges, and setting time limits on access to resources while constantly monitoring each transaction. Rate relies on AI threat modeling to accurately identify least privileged access and to monitor every transaction and workflow in real time, the cornerstones needed to build a scalable Zero Trust framework.

Here’s a breakdown of lessons learned from using AI to thwart sophisticated identity attacks:

Identity and credential monitoring addresses an important risk and is where security teams need a quick win

Rate’s information security team has begun tracking a growing number of sophisticated and unique identity-based attacks targeting loan officers working remotely. Mowen and her team evaluated several platforms before selecting Falcon Identity Protection from CrowdStrike based on its ability to identify subtle identity-based attacks. “Falcon Identity Protection gives us the visibility and control to defend against these threats,” Mowen said.

Using AI to reduce the noise-to-signal ratio in the SOC and at endpoints should be a high priority

Mowen noted that Rate’s previous vendor was generating more noise than actionable alerts. “Now, if we’re called at 3 a.m., that’s always a legitimate threat,” she said. Rate relies on CrowdStrike’s Next-Gen Managed Detection and Response (MDR), Falcon LogScale and the Falcon Next-Gen Security Information and Event Management (SIEM) platform for real-time centralization and analysis of log data. “Falcon LogScale has lowered the total cost of ownership compared to the legacy SIEM system we had before, and integration has become much easier,” Mowen said.

Define a clear, measurable strategy and roadmap for cloud security at scale

As the business continues to grow organically and through acquisitions, Rate requires cloud security that can scale, contract, and flex with market conditions. Real-time visibility and automated detection of misconfigurations across cloud assets were essential. Rate also required integration across a diverse base of cloud environments, including real-time visibility across its entire information security technology stack. “We manage a workforce that can grow or shrink quickly,” Mowen said.

Look for every opportunity to standardize tools to improve the overall vision

Mowen noted that for AI threat modeling to be successful in attack identification, endpoint detection and response (EDR), identity protection, cloud security, and add-on modules all need to be under one console. “Integrating our cybersecurity tools into a cohesive system makes everything — from management to incident response — much more efficient,” she said. IT managers and their information security teams need tools to provide clear, real-time visibility of all assets through a single monitoring system, one capable of automatically reporting misconfigurations, vulnerabilities, and unauthorized access.

“The way I think about it is your attack surface isn’t just your infrastructure — it’s also time. How long do you have to respond?” Mowen said, stressing that precision, accuracy and speed are critical.

Redefining resilience: identity-based zero trust and AI defense strategies for 2025

Here are some key takeaways from VentureBeat’s interview with Mowen:

  • Identities are under siege, and if your industry hasn’t seen it yet, it will in 2025: Identities are a weak point in many technology stacks, and attackers are constantly adjusting their tradecraft to exploit them. AI threat modeling can protect credentials through continuous authentication and anomaly detection. This is essential to keep customers, employees and partners safe from increasingly deadly attacks.
  • Fight AI with AI: Using AI-based defenses to combat adversarial AI techniques, including phishing, deepfakes, and synthetic fraud, is working. Automating detection and response reduces the time needed to identify and defeat attacks.
  • Always prioritize real-time responses: Follow Mowen’s lead and adopt the “1-10-60” SOC model. Speed is critical as attackers set new records for how quickly they can access a company’s network, install ransomware, search identity management systems, and redirect transactions.
  • Make Zero Trust central to identity security, enforcing least privileged access, constantly verifying identity and monitoring every activity as though a breach has already occurred: Each organization needs to identify its unique approach to zero trust. The core concepts continue to prove themselves, especially in highly targeted industries including financial services and manufacturing. Zero Trust is based on the assumption that a breach has already occurred, making monitoring essential in any Zero Trust framework.
  • When possible, automate the SOC workflow to reduce alert fatigue and free analysts for second- and third-level intrusion analysis: One of the most important lessons learned from Rate is how effective AI threat monitoring can be when combined with process improvements in the Security Operations Center (SOC). Consider how AI can be combined with human expertise to continuously detect and contain evolving threats. Always keep in mind how “human-in-the-middle” workflow design improves AI accuracy while also giving SOC analysts the opportunity to learn on the job.
