Why Micro-Segmentation Needs to be a Priority for Banks

Micro-segmentation allows financial institutions to achieve a number of key goals while protecting their crown jewels through a single, straightforward approach.

Financial institutions have a strong requirement for cost savings through automation, resource optimization, and agile technologies. They need a solution that can increase security while also promoting operational efficiency.

Moreover, financial institutions have always been prime targets for crime. According to Forbes, cyberattacks cost financial institutions more to address than firms in any other industry. Given that remote and indirect transactions are the norm these days, attackers have even more opportunities to break through perimeter security. This further increases the risk of breach and the remediation costs.

How can banks use micro-segmentation to solve these issues? Let’s take a look.

What are the cyber-security challenges banks face?

Managing cyber security controls in financial services is a complex task. There are numerous drivers that make the work time-consuming and resource-heavy, such as:

  • There are country- and state-level cyber security requirements that need to be followed, not to mention vendor security mandates and various privacy regulations. Altogether, they impose a vast number of reporting and risk-management challenges.
  • Modern banking heavily relies on a large number of third-party applications, partners, and outsourcing vendors accessing the data center via a variety of access routes.
  • The evolving network infrastructure leaves organizations with a mix of cloud technology and legacy systems, a tangled environment that is hard to visualize, audit, and protect.

All those factors, combined with a multitude of tools, users, and outside pressures, make financial institutions especially vulnerable to cybercrime.

Enabling digital transformation for better customer service and availability leads to even more ways for banks to be vulnerable to fraud and unauthorized transactions. Customers are well aware of these growing issues and want reassurance that their privacy and finances are protected.

“Customers are becoming increasingly aware of cybersecurity threats and they expect their banks and credit unions to secure and protect their private financial information.”
~ Credit Union Council (CUC), FS-ISAC, 2019

“Banks have validated this trend by reporting that losses due to operational disruption and losses in customer trust are more financially damaging than losses due to regulatory fines.”
~ Deloitte and FS-ISAC Cybersecurity Benchmarking Analysis, 2019

Four ways banks can benefit from micro-segmentation

The best way to address these challenges is to create a single pane of glass for security, with complete network traffic visibility and full isolation of the digital crown jewels. Using flexible, quickly deployed, and easy-to-understand micro-segmentation controls, financial institutions can protect their core assets simply and effectively.

In order to get the most from a micro-segmentation solution, there are four critical steps to take:

1. Simplify and accelerate regulatory compliance

To achieve this goal, start by mapping everything and isolating all compliance-related applications and systems. Granular visualization will help you understand how best to reduce the risk of breaches quickly and easily.

2. Protect your essential systems

Separate critical applications such as money transfers, payments, and customer applications from the general IT infrastructure.

3. Prevent unauthorized lateral movement

Properly isolate IoT and third-party access. In addition, manage access routes and terminate access at the target applications, preventing further movement within the data center.

4. Adopt Cloud, PaaS, and other emerging technology cost-effectively and securely

Use a single pane of glass for visibility and setting security policy across all infrastructures. In addition, be sure you enforce security via a unified set of tools.

How micro-segmentation works in real life

Need proof that the micro-segmentation approach works? Here is an example of a Guardicore customer – a US regional bank – which was able to produce vast improvements utilizing Guardicore Centra’s visualization and micro-segmentation capabilities.

This bank had a few initiatives in place:

  • Comply with the Fedline mandate to isolate any Fedline Service-connected application from general IT.
  • Ring-fence ten of their most critical applications to significantly reduce cyber risks and ensure business continuity in case of breach.
  • Limit third-party access to enforce Zero Trust access controls.
  • Make it possible to migrate applications securely to the cloud.
  • Maintain a single set of security controls across the entire hybrid infrastructure.

With a single security architect, over the course of two months, the customer was able to meet all of their goals beyond original expectations. Ultimately, they were able to:

  • Achieve granular east-west traffic visibility.
  • Ring-fence their business-critical applications.
  • Restrict and properly route third-party access.
  • Map applications’ dependencies for seamless cloud migration.
  • Achieve full process automation through DevOps integration.

Looking for more? Here’s what some of our other customers have to say:

“Guardicore enables us to enhance our overall data center security strategy and help our IT security team to avoid today’s advanced threats.”
~ Marino Aguiar, CIO, Santander Brasil

“Deutsche Bank is committed to the highest standards of security, and a high priority for us is implementing tight network segmentation in our on-premises and cloud environments. Guardicore gives us an effective way to protect our critical assets through segmentation.”
~ Alan Meirzon, Director, Chief Information Security Officer

Use micro-segmentation to protect your crown jewels today

With simple, easy-to-manage micro-segmentation controls, financial institutions can reduce attack surface and quickly detect breaches within the data center. Deep visibility into applications’ dependencies and traffic flows helps to enforce precise network and process-level policies that isolate critical applications and systems.

Don’t forget to look for a tool that provides complete security coverage for applications, regardless of where they reside. After all, most financial institutions need to protect workloads that span platforms and environments: on-premises, legacy and bare metal, VMs, containers, and public and private clouds (including Amazon Web Services, Microsoft Azure, Google Cloud and Oracle Cloud Infrastructure).



Securing the Edge with Micro-segmentation and NVIDIA EGX

In recent years, the “Edge” has taken on a vital role in cloud computing. The Edge represents the growing need to deliver a better cloud model that enables locations and methods to place workloads, compute, storage, applications and data closer to the point of action.

Cloud edge computing moves the processing closer to the user and IoT devices, where the data is generated and consumed. This addresses the problems that highly distributed edge sites create by minimizing latency, maximizing bandwidth, and performing computation and data compression right at the point of action. Edge computing even addresses compliance requirements, which can vary between different states and countries.

The Edge is decentralizing the cloud itself and creating a better model to support emerging use cases like self-driving cars, augmented reality (AR) and virtual reality (VR), connected homes and offices, 5G and more.

Guardicore is excited to partner and work together with NVIDIA to leverage their high-performance, cloud-native NVIDIA EGX Edge AI platform to deliver AI, IoT and 5G-based services efficiently, powerfully, and securely.

There are many verticals that can benefit from Edge computing. Here are just two examples:

  • Healthcare organizations can run machine learning and analytics models on their health management platforms, especially where low latency processing requirements dictate that they remain on-premises. When it’s time to retrieve data, this information is stored locally and therefore quick to retrieve.
  • Financial services are another vertical that can leverage edge computing to handle the real-time processing of data that must reside within the confines of local data requirements.

Decentralizing the cloud has many benefits, but it also creates and amplifies the security challenges that are already present in the cloud. The distributed cloud edge creates a larger attack surface, spread across diverse IoT technologies and multiple unprotected physical locations. This gives attackers more opportunities to penetrate the organization and achieve their malicious goals.

Edge-related security challenges are compounded by the accelerating pace of change of infrastructure and the more dynamic application deployment models required to support the Edge. (But this is a topic for a different blog post.)

In other words, the security of the cloud, which has always been a top priority, is becoming even more important with Edge.

To address these unique challenges, security must be built into the edge to ensure quality and transparent operations across the entire extended organization: at the core data center, public cloud, and the Edge.

Building security into workloads, compute, storage, critical applications, and data in any environment and on any platform is considered a huge challenge.

Fortunately, micro-segmentation has recently become available and, when implemented correctly, addresses the security challenges inherent in the distributed and decentralized nature of the Edge. Gartner recently named micro-segmentation as one of their top 10 security initiatives. They cited micro-segmentation’s ability to reduce risk and protect the critical assets and information that matter most to the business.

Gartner also described micro-segmentation as being well suited for thwarting “the spread of data center attacks in both on-premises and cloud environments.”

Micro-segmentation is a granular way to create secure zones in data center and cloud deployments, allowing workload isolation and protection. Since legacy perimeter protection is painfully inadequate, micro-segmentation is an essential technology to implement a zero-trust security model. Furthermore, it provides both real-time and historical visibility to understand application dependencies and then easily create network and application security policies based on various business owner contexts.

The cloud killed the enterprise’s legacy perimeter and the Edge is killing the cloud’s perimeter, making micro-segmentation more important for securing the distributed, hybrid cloud that includes an Edge component.

Micro-segmentation, when well executed, provides benefits at the earliest stages of deployment. Many enterprises start out with easily implemented and achievable projects that eliminate the most fundamental risks first. Whether separating development environments from production, isolating a compliance-driven infrastructure or series of applications from the non-compliant ones, or merely segmenting the most critical applications first, these early-stage projects provide the enterprise with immediate value and measurable gains.

It’s important to select a micro-segmentation approach that works consistently across multiple cloud providers. By decoupling security from the cloud infrastructure provider, organizations can prevent vendor lock-in from driving costs up and avoid unnecessary complexity when mergers and acquisitions create mixed cloud environments.

Our solutions are able to address both the security and performance requirements by taking advantage of the advanced hardware capabilities of NVIDIA Mellanox BlueField and NVIDIA Mellanox ConnectX SmartNIC technology, which include dynamically reconfigurable firewall offloads in hardware, encryption offloads and the ASAP2 flow engine for virtual switching offloading. We are excited to see secure NVIDIA Mellanox ConnectX adapters being integrated into the new NVIDIA EGX Edge AI platform, and look forward to the benefits that secure, accelerated computing will bring to the edge.