Major financial institutions experienced 80% more cyberattacks over the past 12 months, a 13% year-over-year increase, with a 238% surge in cyberattacks against banks during the coronavirus pandemic. According to a new analysis by the Federal Reserve Bank of New York, a single cyberattack on one of the top U.S. banks would likely have a major effect on the global financial system.

The banking industry faces a whole range of risks as it evolves in the interconnected edge enterprise landscape while battling a growing list of software attacks, including denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, man-in-the-middle (MitM) attacks, phishing and spear-phishing attacks, credential stuffing, and ransomware.

While a majority of threats target software vulnerabilities, banks also face hardware vulnerabilities that could put the organization’s digital infrastructure at risk, from an employee device to a router connected to an unsecured network, through the Internet of Things (IoT) and cloud exploitation.

The core concept of a banking cybersecurity strategy is to safeguard customer assets and their transactions. Breaches damage a bank’s standing in the financial market and lead to consequences and penalties for FDIC non-compliance, monetary losses, and loss of customer confidence.

Challenge

This was the environment when one of the United States’ largest financial corporations, which specializes in Business and Commercial Banking and Financing, came to SBase Technologies looking to future-proof their security deployment with a cost-effective, scalable connectivity strategy that provides resilience and redundancy.

This organization’s security strategy involved the use of Intrusion Prevention Systems (IPS) and DDoS protection for all critical links. IPS is a network security tool that examines network traffic flow to detect and prevent vulnerability exploits. A DDoS protection tool specifically blocks denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.

Both security solutions are deployed inline, meaning the tool sits directly in the path of network traffic to actively protect and block potential threats. The company reached out to SBase Technologies as a leader in inline security, whose CTO Jerry Dillard invented bypass technology, knowing they needed a scalable connectivity strategy that accounted for inline deployment sensitivities.

Architecting networks with High Availability (HA) or redundant designs creates added challenges for security and networking teams: not only how to deploy and update tools effectively without creating a single point of failure for each device, but also how to adjust once HA has been triggered.

Goal

Ensure all critical links are actively protected using IPS and DDoS technology, incorporating a strategy of resilience, reliability and redundancy so there is no business interruption or downtime, while protecting sensitive data.

Solution

SBase’s engineering team worked with the IT team to design an HA architecture that solved all of their challenges, while providing additional value and functionality, leading them to expand this use case throughout their enterprise.

Our teams worked through questions such as: Do we have to buy two of everything? What happens if traffic switches from primary to secondary? How are we going to track that data? How do we correlate everything? All of this was done while working through the expectations, urgency and availability of each device.