Despite the cloud computing trend, financial institutions still have significant capital investments in traditional IT infrastructure components within their existing data centers. These facilities typically contain essentially flat, open networks, as network segmentation for cybersecurity was not a consideration many years ago. However, malicious actors have recently found success in such open environments, where much of the lucrative data and systems are readily accessible after compromising a vulnerable device elsewhere in the network through phishing, malware or social engineering. As examples, across the multiple SWIFT member attacks and in ATM malware attacks (Ripper and Cobalt gang), the malicious actors moved laterally in search of items of value after gaining initial footholds within those targeted organizations.
Certain legacy and mainframe applications may be unsuitable for migration to the cloud, and will continue to run in private data centers with traditional architectures. Consequently, this legacy infrastructure with its indigenous applications and their associated data also needs the protection afforded by network segmentation. With more sophisticated adversaries, multiple attack vectors and insider threats, even legacy environments warrant compartmentalization to limit exposure of sensitive data and resources, as well as to minimize financial and reputational damage in the event of a data breach. Proper segmentation of the internal network can also reduce the scope of PCI audits by demonstrating clear separation of cardholder data environments from the rest of the IT infrastructure.
Download this use case to see how one of the largest financial institutions in the world created network segmentation with the Palo Alto Networks next-generation firewall to increase security and protect data in their traditional data centers with minimal business disruption.
For more information on cybersecurity for the financial sector, visit our Financial Services industry page at https://www.paloaltonetworks.com/products/security-for/industry/financial-services.html