About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Network Resilience in Financial Services – Why it Matters and How Firms Can Achieve it

Subscribe to our newsletter

By Alan Stewart-Brown, vice president EMEA, Opengear

Firms across the financial services sector are increasingly reliant on IT networks to deliver
core services, but this can leave them vulnerable to rapidly escalating security threats.
Hacking software is widely available and threats from social engineering, phishing, and
malware attacks are an ever-present reality.

To alleviate the more severe threats, we see financial networks having to implement alerting,
centralised logging, IPSEC or OpenSSL VPN tunnels, SSH key authentication, stateful
firewall, remote AAA and more. But it is not possible to guard against every threat. Cyber-
attacks are close to inevitable and becoming more so, and every device in a financial services
firm’s network is a potential target, including branch and edge devices.

Security must be factored into every element of an organisation’s network infrastructure. It’s
a complex undertaking that, even if successfully achieved, does not guarantee success, not
least because cyber-attacks are far from the sole threat to network resilience. System outages
can also be the result of natural disasters, construction or vehicle accidents, not to mention
environmental conditions and arguably the biggest threat of all, human error.

A broad array of network elements can also cause outages. Cable interconnects, dense
compute chassis, power supplies, switches, storage arrays, and even air conditioning are all
potential sources of problems. The impact security breaches and system outages have on
financial services firms can be severe. Firms’ systems and networks are typically business-
critical and even the smallest amount of downtime can potentially be disastrous. Reputational
damage caused by any outage, however caused, also factors greatly in the financial services
and banking sector that relies heavily on consumer trust.

Route map to the future

Whatever the origin of these threats, their prevalence highlights the importance of firms
developing networks that are resilient, reliable and secure. Financial organisations need edge
solutions that are as dependable as their data centres, eradicating the risk of a complex router
becoming a single point of failure. In an ideal world, this means uninterrupted internet
connectivity for all LANs and equipment over a link that is not incorporated within the
production network. Every site needs to be able to use high-speed networks whenever the
primary link is unavailable.

One solution is to leverage Smart Out-of-Band (OOB) technology, which delivers sufficient
bandwidth on an alternate path to enable critical functions to keep running until the network
event is resolved. OOB management allows admins to maintain and manage components like
power supply units, servers and WAN devices and resolve malfunctions via remote access. If
there is an issue with connectivity, out-of-band solutions offer a failover solution. Today this
is normally managed via cellular, although alternatives are available.

OOB management can ensure continuous remote access of network administrators to critical
components like switches and routers, and security applications like firewalls and encryption
tools. Typically, this approach means there is no requirement for an onsite visit. In the event
that it does prove necessary, the technician can ensure arrival onsite with the correct spare
part in hand to resolve any issues quickly.

Getting smarter

Deploying smart OOB platforms can help address security issues in innovative ways and
their deployment has several major advantages. The first is that they offer a simpler way to
deploy multi-factor authentication (MFA) that only needs to be integrated into the console
server to be enforceable across the whole security appliance layer.

Second, smart OOB console technology can become a system of record for all configuration
changes and patches with changes sent over an alternative pathway. An update failure that
renders the device unreachable via the production IP network can often be rectified via this
same OOB connectivity that accesses the service ports on most network devices to reach the
underlying console.

This approach assists the network and security managers in determining if critical
infrastructure has been patched and enables forensic investigators to discover if a breach was
aided and abetted by the actions of an insider or was simply an oversight.

Another proactive security benefit is the capability of the smart OOB appliance to bring the
event logs in directly from connected devices and forward these to a central SIEM or Security
Analytics platform for early detection and prevention of targeted attacks. Finally, smart OOB
connectivity is also useful during a cyber-attack that disrupts the production IP network such
as DDoS, a targeted switch attack or a rogue admin ‘lock out’ attempt, as the out-of-band
console server provides an encrypted direct connection to critical devices like routers and
firewalls using 3G/4G cellular modems. The ability to quickly and securely access logs from
impacted devices can help pinpoint root causes and enable remediation to begin faster as well
as significantly reducing consequential downtime.

Key Role of Resilience

Outages are bad news for financial institutions, but they are inevitable because of human
error, complexity of network devices, modern software stacks, hardware devices, and the
growing prevalence of cyber-attacks. To keep consumers happy and the institution’s
reputation intact, financial services must be prepared for outages. The good news is Smart
OOB with failover to secure cellular can keep services up and running even if part of the
network is down.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: How to make outsourced infrastructure work for trading

Transitioning from in-house to outsourced trading infrastructure is a significant challenge, but it can offer sizeable benefits including reduced costs, improved performance, access to diverse liquidity sources, and ability to stay abreast of technology changes. This webinar will discuss practical approaches to planning and implementing outsourced infrastructure for trading, the potential of hybrid solutions, and...

BLOG

Optimising High Performance Infrastructure for Growing Market Data Volumes

As market data volumes continue to grow, firms across the industry – both market participants and their service providers – are having to think strategically about what kind of infrastructure they need in order to accommodate this growth, particularly under peak loads, whilst optimising for high performance. Given the rising volume, what kind of decisions...

EVENT

RegTech Summit APAC

Now in its 2nd year, the RegTech Summit APAC will bring together the regtech ecosystem to explore how capital markets in the APAC region can leverage technology to drive innovation, cut costs and support regulatory change. With more opportunities than ever before for RegTech to add value, now is the time to invest for the future. Join us to hear from leading RegTech practitioners and innovators who will share insights into how they are tackling the challenges of adopting and implementing regtech and how to advance your RegTech strategy.

GUIDE

Trading Regulations Handbook 2022

Welcome to the third edition of A-Team Group’s Trading Regulations Handbook, a publication designed to help you gain a full understanding of regulations that have an impact on your trading operations, data and technology. The handbook provides details of each regulation and its requirements, as well as ‘at-a-glance’ summaries, regulatory timelines and compliance deadlines, and...