By Alan Stewart-Brown, vice president EMEA, Opengear
Firms across the financial services sector are increasingly reliant on IT networks to deliver
core services, but this can leave them vulnerable to rapidly escalating security threats.
Hacking software is widely available and threats from social engineering, phishing, and
malware attacks are an ever-present reality.
To alleviate the more severe threats, we see financial networks having to implement alerting,
centralised logging, IPsec or OpenSSL VPN tunnels, SSH key authentication, stateful
firewalls, remote AAA and more. But it is not possible to guard against every threat.
Cyber-attacks are close to inevitable and becoming more so, and every device in a financial
services firm’s network is a potential target, including branch and edge devices.
Security must be factored into every element of an organisation’s network infrastructure. It’s
a complex undertaking that, even when done well, does not guarantee a network free of outages,
not least because cyber-attacks are far from the sole threat to network resilience. System outages
can also be the result of natural disasters, construction or vehicle accidents, not to mention
environmental conditions and arguably the biggest threat of all, human error.
A broad array of network elements can also cause outages. Cable interconnects, dense
compute chassis, power supplies, switches, storage arrays, and even air conditioning are all
potential sources of problems. The impact security breaches and system outages have on
financial services firms can be severe. Firms’ systems and networks are typically
business-critical and even the smallest amount of downtime can potentially be disastrous.
Reputational damage from any outage, however caused, also weighs heavily in a financial
services and banking sector that relies heavily on consumer trust.
Route map to the future
Whatever the origin of these threats, their prevalence highlights the importance of firms
developing networks that are resilient, reliable and secure. Financial organisations need edge
solutions that are as dependable as their data centres, eradicating the risk of a complex router
becoming a single point of failure. In an ideal world, this means uninterrupted internet
connectivity for all LANs and equipment over a link that is not incorporated within the
production network. Every site needs to be able to use high-speed networks whenever the
primary link is unavailable.
One solution is to leverage Smart Out-of-Band (OOB) technology, which delivers sufficient
bandwidth on an alternate path to enable critical functions to keep running until the network
event is resolved. OOB management allows admins to maintain and manage components like
power supply units, servers and WAN devices and resolve malfunctions via remote access. If
there is an issue with connectivity, out-of-band solutions offer a failover path. Today this
is normally managed via cellular, although alternatives are available.
OOB management can ensure continuous remote access for network administrators to critical
components like switches and routers, and security applications like firewalls and encryption
tools. Typically, this approach means there is no requirement for an onsite visit. In the event
that one does prove necessary, the technician can arrive onsite with the correct spare
part in hand to resolve any issues quickly.
Deploying smart OOB platforms can help address security issues in innovative ways and
their deployment has several major advantages. The first is that they offer a simpler way to
deploy multi-factor authentication (MFA) that only needs to be integrated into the console
server to be enforceable across the whole security appliance layer.
Second, smart OOB console technology can become a system of record for all configuration
changes and patches with changes sent over an alternative pathway. An update failure that
renders the device unreachable via the production IP network can often be rectified via this
same OOB connectivity that accesses the service ports on most network devices to reach the
This approach assists the network and security managers in determining if critical
infrastructure has been patched and enables forensic investigators to discover if a breach was
aided and abetted by the actions of an insider or was simply an oversight.
Another proactive security benefit is the capability of the smart OOB appliance to bring the
event logs in directly from connected devices and forward these to a central SIEM or Security
Analytics platform for early detection and prevention of targeted attacks. Finally, smart OOB
connectivity is also useful during a cyber-attack that disrupts the production IP network such
as DDoS, a targeted switch attack or a rogue admin ‘lock out’ attempt, as the out-of-band
console server provides an encrypted direct connection to critical devices like routers and
firewalls using 3G/4G cellular modems. The ability to quickly and securely access logs from
impacted devices can help pinpoint root causes and enable remediation to begin faster as well
as significantly reducing consequential downtime.
Key Role of Resilience
Outages are bad news for financial institutions, but they are inevitable because of human
error, complexity of network devices, modern software stacks, hardware devices, and the
growing prevalence of cyber-attacks. To keep consumers happy and the institution’s
reputation intact, financial services must be prepared for outages. The good news is Smart
OOB with failover to secure cellular can keep services up and running even if part of the
network is down.