Managing assets and keeping ahead of the competition while keeping up with regulatory obligations is the burden of all companies in the financial services industry.
Financial services, banking institutions, and credit unions (“financial institutions”) face a mix of compliance obligations, IT operational challenges (risk), and cyber threats. To effectively secure these organizations, you must understand how those pressures and other business drivers represent their overall risk footprint.
To get a handle on the pressures, you must examine how the existing or emerging technology portfolios can address the issues outlined above and, ultimately, how technology impacts your overall organization. You need to decide if your organization is there to serve the technology – or if the technology is there to serve your organization.
Specific concerns include:
To solve these problems, there are a variety of inputs that need to be considered:
Attackers employ multiple techniques to get to their goal. For example, they often compromise a low-value asset to gain a beachhead within a bank. According to NIST, it is best practice to assume that your systems have already been compromised and the best course of action is to stop the lateral movement of a malicious actor. This mindset underscores the need to have always-on visibility to map out connectivity within your data centers, and use that traffic map to show bad actors’ potential attack pathways. You could then use segmentation to control and restrict lateral movement – effectively cutting down the surface area by which a bad actor can traverse the environment.
The Illumio Adaptive Security Platform® (ASP) offers financial services organizations the following benefits:
Financial institutions have compliance requirements (e.g, SWIFT/ACH, PCI DSS, and PSD2) and also have an urgent need to prevent bad actors from laterally moving inside the network. Zero Trust security is their strategy to get there and micro-segmentation is a critical foundation. In Zero Trust security, organizations determine how transactions flow across the entire business ecosystem and how users and other systems access applications, services, and data. They then create micro-perimeters across dependent applications, services, and other resources, apply granular policies and control, and continuously monitor for any suspicious behavior or anomaly — the tell-tale signs of an intrusion.
Illumio enables Zero Trust compliance with:
Understanding the applications, workloads, and their dependencies is a critical first step to understanding a financial institution’s attack surface and developing the relevant security segmentation policies.
Illumination application dependency mapping offers the following benefits:
Learn more about Illumination and application dependency maps.
Segmentation projects are critical to protecting applications in complex and dynamic environments. Modern data centers are comprised of applications that run on bare-metal and virtualized OSs and containers in public and private cloud instances. Many of the most critical applications run on older operating systems. To ensure resiliency for critical applications, operations teams stripe workloads across data centers to ensure that a data center failure does not impact application availability and assets under management.
Financial institutions are highly incented to choose the right micro-segmentation strategy, as failure to do so could result in the institution acting as an integrator forced to make disparate solutions work and the resulting management complexity. Illumio ASP enables financial institutions to design and enable a micro-segmentation strategy that fits their current data center architectures, as well as future-proof their segmentation.
Illumio ASP offers the following benefits:
Financial institutions are using networking, data center firewalls, and software-defined networking (SDN) to prevent malicious actors from traversing the network and to demonstrate compliance to environmental separation requirements. However, this approach is expensive because:
With Illumio ASP, you will be able to use existing infrastructure investments to enable micro-segmentation for security, instead of having to re-architect your environment and introduce more networking infrastructure and data center firewalls. By programming the Layer 3/Layer 4 firewalls native to each host operating system, the organization eliminates cost and management overhead.
Illumio ASP optimizes policies and programs rules for the following enforcement points: