SWIFT requires that members self-attest compliance with mandatory security controls. The SWIFT Customer Security Controls Framework comprises a core set of mandatory and advisory security controls for all SWIFT members. All controls are articulated around three overarching objectives—Secure Your Environment, Know and Limit Access, and Detect and Respond—and are supported by 8 security principles and 27 security control objectives.
The Illumio Adaptive Security Platform® (ASP) prevents the spread of breaches by delivering real-time application dependency mapping and micro-segmentation. Enterprises use Illumio to achieve and demonstrate SWIFT compliance. Illumio ASP addresses seven of the sixteen mandatory controls.
Execute Zero Trust security strategy
Enable micro-segmentation with orchestration and analytics to protect financial systems from lateral movement attacks.
- Gain real-time visibility into connections and flows across financial applications
- Understand the attack surface with the combination of an application dependency map and a vulnerability map
- Create micro-segmentation policies that follow the workload
- Continuously detect for change, unauthorized connection attempts, and policy deviations
- Integrate with third-party security information and event management (SIEM) and orchestration tools
Use the enforcement points that you already have
Avoid cost and complexity that stems from re-architecting networking backbone and introducing more networking/SDN and data center firewalls resources.
- Program the existing host-based stateful firewalls in every workload (with no kernel modifications), programming access control lists (ACLs) into bare-metal, virtual machines, load balancers, existing switches, and public cloud security groups
- Enforce data-in-motion encryption by programming IPsec connectivity between Linux or Windows workloads without requiring changes or an upgrade to the network infrastructure
- Secure enterprise Microsoft applications with out-of-the-box Segmentation Templates
Enable micro-segmentation across heterogeneous compute environments
Deliver a single control plane for architecting and operationalizing security across microperimeters
- Create micro-segmentation policies across bare-metal, virtual machines, clouds, containers, load balancers, and switches
- Program the custom level of micro-segmentation granularity— from environmental separation (coarse-grained) to process-level control (fine-grained)