Businesses embrace digital technologies that modernize their operations and enable innovation. Yet these same technologies introduce new security vulnerabilities and new data that must be secured. The result is a costly cybersecurity arms race, in which businesses introduce new security products to counter new attack vectors. Individually-managed or standalone security products add complexity, reduce visibility, and strain under-resourced security teams.
Bank Central Asia is one of Indonesia’s leading retail banks. The bank has approximately 16 million customers, 1,213 branches, and 17,207 ATMs. It also manages a growing mobile and internet banking operation.
While ATMs use dedicated connectivity for transactions, mobile transactions rely on the internet to ensure everyone has full, anytime access. However, such high exposure comes with major security risks and therefore demands advanced security protection.
Fiserv is a global leader in financial services technology and helps more than 12,000 clients worldwide. Tony Gravanda, Director of Network Security Architecture and Engineering, shares how Fiserv saved the equivalent of 3 engineers' time, or approximately 6,500 hours, in a span of 8 months by moving to automation on the Palo Alto Networks Security Operating Platform. With the help of the Security Operating Platform, Fiserv can onboard its customers and provision their services quickly while ensuring everything is secure. Tony and his team now have visibility into the traffic at Fiserv and can take quick action when needed.
There are no flawless software systems or applications. When flaws result in security vulnerabilities, threat actors exploit them to compromise those systems and applications and, by extension, the endpoints on which they reside. Although software vendors issue patches to remediate flaws, many financial institutions do not apply all available patches to their production environments. In addition, when systems or applications reach their end-of-support, they no longer receive vulnerability patches from their vendors. These two scenarios describe the conditions under which a system or application is considered "unpatchable." When patching or upgrading is no longer feasible, security professionals need to identify alternative ways to secure the unpatchable systems and applications to support their ongoing use in the environment.
Thousands of banks, institutional investors, asset managers, mutual funds, broker-dealers and other financial institutions across the globe prevent successful cyberattacks with the Palo Alto Networks Security Operating Platform.
Palo Alto Networks is uniquely qualified to protect financial transactions, customer data, and support regulatory compliance by providing advanced security prevention capabilities in one security platform. Automation and tight integration between components of the platform prevent successful cyberattacks. By eliminating routine tasks, security personnel may then focus on what matters. The extensibility of the platform allows financial institutions to consume security innovations quickly whether they are provided by Palo Alto Networks, third-parties, or even home-grown.
Download the whitepaper to learn how the Security Operating Platform provides layered protection across a financial institution’s network, endpoints, and cloud environments. Read about several popular use cases for the financial sector, including network perimeter protection, network segmentation, security for cloud computing initiatives, protection of even difficult or impossible to patch endpoints, as well as securing both corporate and unmanaged mobile devices.
Successful cyberattacks against a number of financial institutions across the globe from 2015-2018 have resulted in multiple instances of fraudulent fund transfers over the Society for Worldwide Interbank Financial Telecommunications, or SWIFT, network. As part of an effort to enhance the cybersecurity of the entire eco-system, members of SWIFT must annually self-attest to sixteen mandatory cybersecurity controls as of year-end 2017. In future years, non-compliance with these controls may result in notification to SWIFT counterparties and/or appropriate regulatory bodies. Furthermore, eleven advisory security controls are provided as best practices to further improve overall cyber hygiene across the SWIFT eco-system.
No single vendor can provide complete compliance with the entire set of SWIFT mandatory and advisory controls. However, the Palo Alto Networks Security Operating Platform delivers the following:
Support for nearly 75 percent of the SWIFT Customer Security Controls Framework, where various elements of the Security Operating Platform are able to address 12 of 16 mandatory controls and eight of 11 advisory controls.
Definitive least-privileged access control and other essential security capabilities to effectively segment and protect the local SWIFT environment.
Capabilities above and beyond the baseline specifications to more thoroughly protect your local SWIFT infrastructure and the rest of your organization’s computing environment from the latest unknown malware and advanced threats.
By leveraging the Palo Alto Networks Security Operating Platform, financial institutions will be well on their way to complying with or exceeding the SWIFT mandatory and advisory controls. Beyond merely an exercise in compliance, the prevention philosophy behind the platform will improve a financial institution’s overall cyber hygiene and provide better security outcomes for the organization. The result will be a more secure environment for your financial institution – one in which legitimate traffic is known and limited, with automated security enforcement to detect and address deviations. Future annual self-attestations to SWIFT will be much less stressful as your institution’s cybersecurity posture will be above and beyond their required baseline level.
An overview of the Palo Alto Networks Next-Generation Security platform for the financial sector
The financial services industry remains a favorite target for cyberattacks. The lure of sensitive data and funds is quite strong to malicious actors. Additional challenges in securing financial institutions include their complex IT environments, continued use of legacy technology, and preference for defense in depth (which is often equated with vendor diversity). Regulators continue to impose new obligations to strengthen controls and better protect the industry.
Top threats to the industry over the past two years include various families of ransomware, remote access Trojans, and information stealers. All of these target the endpoint as this is the path to the valuable data held by the financial institution.
The traditional approach of point products for specific security functions and network perimeter-centric protection has proven to be ineffective. Reports of data breaches in the financial services industry have become commonplace. A different and better option is a multi-layered approach based on natively integrated security enforcement points that share threat information and revise protections accordingly. This results in automated prevention and next-generation security for the network, endpoints (servers, desktops, laptops), and the cloud.
Moreover, the use of cloud-based, dynamic malware analysis and threat intelligence enables updated preventions in as little as five minutes - across our entire customer base after the initial discovery anywhere. This applies to the local network, endpoint devices, or even the public cloud.
Download the whitepaper to read more about how our next-generation security approach is better able to protect the highly targeted financial services industry.
As financial services institutions undergo a digital transformation to streamline operations, become more competitive, and remain relevant with their customers, they face an increasing volume of cyber threats. Attackers continue to be tempted by the vast quantities of easily monetizable personally identifiable information (PII).
Despite the cloud computing trend, financial institutions still have significant capital investments in traditional IT infrastructure components within their existing data centers. These facilities typically contain essentially flat, open networks, as network segmentation for cybersecurity was not a consideration many years ago. However, malicious actors have recently found success in such open environments, where much of the lucrative data and systems are readily accessible after compromising a device elsewhere in the network. Certain legacy and mainframe applications may be unsuitable for migration to the cloud, and will continue to run in private data centers with traditional architectures. Consequently, this legacy infrastructure with its indigenous applications and their associated data also needs the protection afforded by network segmentation.
Download this use case to see how one of the largest financial institutions in the world created network segmentation with the Palo Alto Networks Next-Generation Security Platform to increase security and protect data in their traditional data centers with minimal business disruption.
Public cloud Infrastructure as a Service (IaaS) offerings, such as AWS, can quickly accommodate unexpected or temporary business computing workloads. However, proper alignment of security and resiliency to enterprise standards and policies is still required.
Significant concerns over the security of data, workload and infrastructure have slowed the adoption of public cloud services by the financial services industry. Regardless of where it resides, the financial institution’s data is, ultimately, the target of malicious entities. Consequently, measures to appropriately protect the data must be enacted for the public cloud as well.
Download our use case to learn how Palo Alto Networks can help your organization protect IaaS hybrid clouds in financial services.
Governments and businesses must continuously assess the use of new applications and services that improve processes and operations. As such, they must weigh the business benefits from the adoption of newly sanctioned applications against potential risk to the business, its data and other resources. Applications themselves, such as remote access, can represent undue risk. In addition, if applications are not appropriately secured in the business network, today’s attackers can hide communications within the very communication mechanisms the applications use. Adoption of security that appropriately identifies, granularly controls and secures enterprise applications can be slow if those charged with such controls don’t understand the necessity, value or ease with which appropriate controls can be adopted.
Download our use case "Secure the Network through Application Visibility" for the benefits of this approach, along with some common concerns over adoption, and read about the experiences of several customers across different industries who made this transition.
At Bank OCBC NISP, Palo Alto Networks PA-5060 next-generation firewall prevents threats and safely enables applications over the bank’s internet gateways across two data centers. In addition, the WF-500 appliance provides WildFire™ threat analysis service as an on-premise, private cloud to analyze suspicious files in a sandbox environment without the need to send them outside the bank’s network.
Advanced attacks have been able to evade traditional security measures, target specific users and vulnerable applications, steal sensitive information or commit outright fraud. One approach to preventing such advanced persistent threats (APTs) is to identify and protect against new exploits, malware and malicious URLs. This can be accomplished by “sandbox” analysis of unknown threats. Organizations such as financial institutions that are uncomfortable with cloud-based threat analysis may choose on-premise threat analysis solutions to address any data privacy concerns.
Download this whitepaper to read about how Financial Services organizations can use on-premise threat analysis solutions to mitigate compliance risks and maximize prevention against cyberattacks.
Establishing, maintaining and demonstrating compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a necessity for all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). For all system components included in or connected to the Cardholder Data Environment (CDE), organizations must comply with more than three hundred requirements. It is in every organization’s best interest, therefore, to take advantage of network segmentation provisions stated in the PCI DSS to effectively isolate their CDE and thereby decrease the amount of infrastructure that is considered in scope.
Download our use case "Simplify PCI Compliance With Network Segmentation" to learn how Palo Alto Networks Next-Generation Security Platform delivers maximum protection for an organization’s entire computing environment while greatly reducing the scope of PCI compliance.
Private cloud computing provides businesses with flexible, scalable, on-demand IT resources. However, security remains a significant challenge. The very principles that make cloud computing attractive run counter to cybersecurity best practices, such as separation and segmentation. Malicious actors seek these open environments where much of the lucrative data they desire can be found, and if a virtual environment, without proper security and segmentation in place, is compromised, the attacker has access to everything – critical data included.
Download the Network Segmentation use case to see how the Palo Alto Networks Next-Generation Security Platform applies segmentation to increase security and protect applications and data in a virtualized data center.
The Security Reference Blueprint for Financial Services IT enables institutions to augment the security of existing infrastructure, enable new applications, provide greater access to data, and prevent advanced threats without disrupting vital operations.
By taking a pragmatic approach to introduce network segmentation, financial institutions can minimize business disruption and reap benefits, such as limited exposure after an intrusion, and reductions in lost productivity, remediation costs, and reputational damage from actual loss of personally identifiable information (PII) or financial data. This white paper discusses how network segmentation enables financial institutions to survive intrusions and minimize or prevent data breaches.
The AUTR provides visibility into the real-world threat and application landscape, helping security teams to understand how adversaries are attempting to attack organizations around the world and build proactive, actionable controls. Built by the Unit 42 threat research team, the report correlates data from more than 7,000 enterprise organizations, providing broad visibility into critical trends.
In the face of government regulation such as the Health Insurance Portability and Accountability Act (HIPAA), personal health information (PHI) continues to leak into the public domain at an alarming rate, resulting in fraudulent insurance claims, identity theft and other costs to the health care industry. Research indicates PHI can easily be found on peer-to-peer (P2P) filesharing networks. But why?