Proactive Security for a Mega-Merger
In the financial world, preventing losses is far more important and valuable than a fast response to threats that have already occurred.
Proactive risk-based security management should form the cornerstone of your financial services cyber security program, helping to reduce your risk exposure level and position you to stay a step ahead of ‘the bad guys.’
The Challenges
In the case of this network merger, the scope of the operational challenge and risk exposure may seem extreme, yet they are common issues faced by most financial services organizations.
Scale and Complexity – The sheer size and scope of most financial networks plays in favor of cyber criminals. Networks become increasingly complex through company growth and acquisitions, with ever-growing data centers, complex network topology, and tightly integrated business applications with the extended enterprise eco-system. With literally thousands of ‘doors’ into the enterprise network, criminals can take advantage of misconfigurations, policy violations, and known vulnerabilities.
High Threat Level – Every financial institution is a target for crime. Online access to financial services and accounts, valuable customer data and corporate intellectual property are all high-value network-enabled assets. The number and sophistication of attempted and completed attacks is rising fast, with no end in sight.
Change is a Constant – Whether it’s a major network change due to a merger or consolidation, or the endless list of minor daily changes – networks are a dynamic environment. Changes to network devices, access paths, and users are made daily, introducing opportunities that cyber criminals may exploit.
The Network Security Team Chooses Skybox
The network security team realized that a thorough network risk assessment would be an essential first step to the network integration. Looking for a risk assessment solution, the team identified Skybox Securityas the only vendor with a security solution that could meet the demanding requirements to perform a comprehensive risk analysis of two huge networks in a short period of time.
The results were striking. In less than three months, the network team was able to use the Skybox solution to fully model the two networks and their current risk profiles, create a model of the combined network, and quantify the effects of the merger in terms of risks to valuable assets and services. The ability to visualize the network topology, prioritize vulnerabilities and threats, and predict the impact of potential changes proved to be invaluable in successfully integrating the two networks.
End-to-End Visibility – Essential to Securing Large, Complex Networks
The bank’s network security staff realized that they wouldn’t be able to manage what they couldn’t see. Gaining visibility of the entire network topology was high on the list of requirements. Skybox enables an organization to model its network, allowing IT teams to understand exactly what the network looks like and how it behaves.
With a visual model of all network and security devices in hand, the network security team was able to identify all network routes into and out of the organization, determine whether security controls were functioning as expected, and locate unauthorized devices and services ‘hidden’ in the complex environment. This was instrumental in understanding the interaction of the network and highlighting areas of concern for the network team to focus on.
Risk Analysis – The Antidote to Cyber Threats
To maintain a secure environment throughout the network change, the team needed to understand the overall cyber threat level and develop a risk-based approach to focus limited resources on the most urgent vulnerabilities and threats. The Skybox risk exposure analysis combines the topology information of the network model with threat information, vulnerability data, device configuration analysis, and policy compliance assessment.
Using factors such as likelihood of attack methods and value and importance of IT assets, the Skybox automated solution provides actionable information about critical risk exposures to an organization based on how a cyber criminal is likely to attack critical assets (e.g. online banking, equity trading application, etc.). Probable avenues of attack can be identified and illustrated, and remediation options provided to quickly reduce the risk.
Effective Change Management – Reduce the Risk of Changes
To integrate the networks, the security team needed to go beyond modeling and risk analysis of the existing networks. They needed to model the new, combined network, and evaluate the integration plans for potential security risks and availability problems before the changes were implemented.
The combination of comprehensive network modeling capabilities, risk analytics, and ability to compare future scenarios (“what-if” analysis) allowed the IT group to use the Skybox solution to anticipate potential problems that could be caused by new network services, decommissioned devices, and other changes. With advance knowledge, the security team was able to join the two network infrastructures together in less than six months time, while avoiding service disruptions or security breaches.
Conclusion
When network security teams are able to spot and resolve weaknesses in advance, they are in a unique position to thwart criminals before damage can be done. End to end visibility of the network, risk analysis to automatically find and counter critical cyber threats, and continuous management of network changes – these are capabilities that can benefit financial institutions of all sizes.
Skybox solutions also benefit many levels and teams within the organization. For the security team, Skybox helps quantify risk, and plan secure networks that protect data and safeguard key business services. For the IT operations team, Skybox helps to automate time-consuming analysis, focus remediation efforts on critical tasks, and validate changes in advance to avoid very costly down-time. For the executive team, Skybox produces comprehensive reports and quantifiable risk information to support executive decision-making and investment analysis. With Skybox Security at the core of an enterprise security risk management program, cyber criminals are best off looking elsewhere for easy targets.
Published: July 2010
