Financial institutions have a strong demand for cost reduction through automation, resource optimization and agile technologies. They need a solution that can increase security while driving operational efficiency.
In addition, financial institutions have always been prime targets for crime. Since remote and indirect transactions are the norm these days, attackers have even more opportunities to breach perimeter security. This further increases the risk of breach and remediation costs.
However, managing cybersecurity controls in financial services is a complex task. Many factors make the work time-consuming and resource-intensive, such as country and state-level cybersecurity requirements, changing network infrastructure, and the large number of third-party applications, partners, and contractors . All of these factors combined with a multitude of tools, users and outside pressures make financial institutions particularly attractive to cybercriminals.
Enabling digital transformation for better customer service and availability leads to even more ways for banks to be potentially vulnerable to fraud and unauthorized transactions. Customers are well aware of these growing problems and want reassurance that their privacy and finances are being protected.
The best way to address these challenges is to create a single window for security, with complete visibility of network traffic and complete isolation of the digital crown jewels. With flexible, quickly deployed, and easy-to-understand microsegmentation controls, financial institutions can protect their core assets simply and effectively.
Microsegmentation is an emerging security best practice that offers several advantages over more traditional approaches, which rely heavily on network-based controls that are often cumbersome to manage. However, the software-based segmentation element of microsegmentation separates security controls from the underlying infrastructure and gives organizations the flexibility to extend protection and visibility anywhere.
The extra granularity that microsegmentation provides is critical at a time when many organizations are embracing cloud services and new deployment options like containers that make traditional perimeter security less relevant.
In order to get the most out of a microsegmentation solution, there are five essential steps to follow:
- Simplify and accelerate regulatory compliance. To achieve this goal, start by mapping everything out and isolating all compliance-related applications and systems. Granular visualization will help you understand how to best reduce breach risk quickly and easily.
- Protect your critical systems. Separate critical applications such as money transfers, payments, and customer applications from general IT infrastructure.
- Prevent unauthorized lateral movements. Properly isolate IoT and third-party access. Additionally, manage access routes and terminate access to target applications, preventing further movement within data environments (on-premises or in the cloud).
- Adopt cloud, platform as a service, and other emerging technologies cost-effectively and securely. Use a single window for visibility and definition of security policy across all infrastructures. Plus, make sure you enforce security through a unified set of tools.
- Visualization of data flows. Real-time understanding of where the data is, where it’s going, and the ability to look back and see what’s changed in history. This helps to see where the ransomware has spread, helping to mitigate its impact before it runs and encrypts a network.
An example of the effectiveness of this approach is the success of one client, a US regional bank, which used Guardicore Centra’s visualization and microsegmentation capabilities to dramatically improve their operations. The bank had already put in place a few initiatives, including the ring-fencing of 10 of its most critical applications, limiting third-party access, the ability to migrate applications to the cloud, and maintaining a single set of controls. security across the hybrid infrastructure. .
With the help of a single security architect for two months, the client was able to achieve all of their goals beyond initial expectations to be fully operational in weeks, not months.
Ultimately, it was able to gain granular visibility into east-west traffic, delineate its critical applications, and properly restrict and route third-party access. Additionally, the bank successfully mapped application dependencies for seamless cloud migration and achieved full process automation through DevOps integration.
Financial institutions should also look for a tool that provides comprehensive security coverage for applications, regardless of where they live. After all, most financial institutions need to protect workloads that span multiple platforms and environments: on-premises, legacy and bare metal, virtual machines, containers, and public and private clouds, including Microsoft Azure.
With simple, easy-to-manage microsegmentation controls, financial institutions can reduce the attack surface and quickly detect vulnerabilities within the data center. Deep visibility into application dependencies and traffic flows enables granular network and process-level policies that isolate critical applications and systems.
Learn more at: https://bit.ly/3nf197L
Richard Meeus is Director of Security, Technology and Strategy EMEA at Akamai
This article originally appeared in the Summer 2022 issue of Technology Record. To receive future issues straight to your inbox, sign up for a free subscription.
Share this story