• Alan Stewart-Brown, VP of EMEA at Opengear


• 10.10.2019 03:45 pm
security , Financial Institutions

Information technology and telecommunications are fundamental to service delivery in financial institutions today. Firms are increasingly reliant on IT networks to deliver core services but this can leave them vulnerable to ever-expanding security threats.

That’s an especially serious problem in the world of finance where cyber-attacks are frequent, and becoming more sophisticated. Phishing, social engineering and malware attacks have become particularly prevalent, and hacking software easily available.

To mitigate some of the more egregious threats, we increasingly see today’s financial networks having to implement SSH key authentication, IPSEC or OpenSSL VPN tunnels, Stateful Firewall, Centralized Logging, Alerting, Remote AAA, and more. 

It is not possible to guard against every threat unfortunately. Cyber-attacks are increasingly inevitable and today every device in a financial services firm’s network is a potential target, including, and sometimes especially, branch and edge devices. Security must be factored into every aspect of a business’s network infrastructure. It’s a complex requirement that does not guarantee success not least because cyber-attacks are far from the only threat to network resilience today. System outages can also result from natural disasters, construction or vehicle accidents, or any number of environmental conditions and lets not foget the biggest threat of all, human error.

A wide range of network elements can also cause outages. Cable interconnects, power supplies, switches, dense compute chassis, storage arrays, and even air conditioning are potential sources of problems. And the problem of outages is only likely to grow over time. Network devices are increasing in complexity, with software stacks that are frequently updated and susceptible to bugs, exploits, and cyberattacks.

Making the concerns of businesses still more tangible, the result of security breaches and system outages are sometimes particularly severe for financial services firms, whose systems and networks are typically business-critical and for which even the smallest amount of downtime is potentially disastrous. Reputational damage caused by any outage however caused also factors greatly in the financial services and banking sector which relies heavily on consumer trust.

Finding a Way Forward

Whatever the provenance of these threats, their prevalence highlights the importance of financial services firms developing networks that are reliable, resilient and secure. Financial organisations need edge solutions that are as reliable as their data centres, eliminating the risk of a complex router becoming a single point of failure. Ideally, this means uninterrupted Internet connectivity for all LANs and equipment over a link that is not part of their production network. Every site needs to be able to leverage high-speed networks whenever the primary link is unavailable. One solution is to use Smart Out-of-Band (OOB) technology, which provides enough bandwidth on an alternate path to allow critical functions to keep running until the network event is resolved.

OOB management allows admins to maintain and manage components such as servers, WAN

devices, and power supply units and resolve malfunctions via remote access. If there is an issue with connectivity, out-of-band solutions offer a failover solution. Today this is normally done via cellular, although other options are available.

OOB management can ensure continuous remote access of administrators to critical components such as network switches and routers and security applications like firewalls and encryption tools. This approach means there is no need for an onsite visit and if it does prove necessary, the technician can ensure they arrive onsite with the right spare part in hand to resolve any issues speedily.

Think smart

Deploying smart OOB platforms can also address security issues in new and innovative ways and their deployment has several major advantages. The first is a simpler way to deploy multi-factor authentication (MFA) that only needs to be integrated into the console server to be enforceable across the entire security appliance layer.

Secondly, smart OOB console technology can act as a system of record for all configuration changes

and patches with changes sent over an alternative pathway. An update failure that leaves the device unreachable via the production IP network can often be rectified via this same OOB connectivity that accesses the service ports on most network devices to reach the underlying console.

This approach helps the network & security managers determine if critical infrastructure has been patched and allows forensic investigators to find out if a breach was aided and abetted by the actions of an insider or was just an oversight.

Another proactive security benefit is the ability for the smart OOB appliance to pull the event logs

directly from connected devices and forward these to a central SIEM or Security Analytics

platform for early detection and prevention of a targeted attack. Finally, smart OOB connectivity is

also useful during a cyber-attack which disrupts the production IP network such as DDoS, a targeted

switch attack or a rogue admin “lock out” attempt, with the out-of-band console server providing an encrypted direct connection to critical devices such as routers and firewalls using 3G/4G cellular modems. The ability to quickly and securely access logs from impacted devices can help to pinpoint root causes and allow remediation to begin faster and massively reduce the consequential downtime.

Why Resilience Matters

Outages are bad news for financial institutions, but they are inevitable because of human error, ever-increasing complexity of network devices, modern software stacks, and hardware devices  and as this article has demonstrated the growing prevalence of cyberattack and security breaches. To keep consumers happy and the institution’s reputation intact, financial services must be prepared for outages. Smart OOB™ with Failover to secure Cellular can keep services up and running even when part of the network is down.