The financial services industry continues to be a favorite target of cyberattacks. Network security with legacy firewalls at the perimeter is no longer sufficient as additional attack vectors have been utilized by malicious actors. However, network segmentation will protect financial institutions from being completely exposed after an initial penetration by cyberattackers. By containing the compromise to a just portion of the environment, the overall risk to the institution can be reduced.
In spite of the fact that network segmentation may also be used to improve cybersecurity posture and to reduce the risks and impact of cyberattacks, adoption has been slow due to the perceived effort required to deploy this in existing environments. Part of this concern stems from the fact that the actual composition of application traffic on the network is unknown. No one asks for permission to add an application onto the network.
By taking a pragmatic approach to introduce network segmentation, financial institutions can minimize business disruptions during implementation, and create a governance process to introduce new or modified applications onto the network. The actual segmentation of network resources can be done based on criteria such as function (e.g., production, development, test), network layer, or line of business based on what’s appropriate for the financial institution.
The benefits of network segmentation include limited exposure after malware intrusion on compromised devices, and reductions across the board in lost productivity, remediation costs as well as reputational damage from actual data breaches. In the end, this allows for a more speedy return to business as usual after security incidents whether they involve malware, ransomware, or are part of some other cyberattack.
For more information on cybersecurity for the financial sector, visit our Financial Services industry page at https://www.paloaltonetworks.com/products/security-for/industry/financial-services.html