The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Network Resilience in Financial Services – Why it Matters and How Firms Can Achieve it

By Alan Stewart-Brown, vice president EMEA, Opengear

Firms across the financial services sector are increasingly reliant on IT networks to deliver
core services, but this can leave them vulnerable to rapidly escalating security threats.
Hacking software is widely available and threats from social engineering, phishing, and
malware attacks are an ever-present reality.

To alleviate the more severe threats, we see financial networks having to implement alerting,
centralised logging, IPSEC or OpenSSL VPN tunnels, SSH key authentication, stateful
firewall, remote AAA and more. But it is not possible to guard against every threat. Cyber-
attacks are close to inevitable and becoming more so, and every device in a financial services
firm’s network is a potential target, including branch and edge devices.

Security must be factored into every element of an organisation’s network infrastructure. It’s
a complex undertaking that, even if successfully achieved, does not guarantee success, not
least because cyber-attacks are far from the sole threat to network resilience. System outages
can also be the result of natural disasters, construction or vehicle accidents, not to mention
environmental conditions and arguably the biggest threat of all, human error.

A broad array of network elements can also cause outages. Cable interconnects, dense
compute chassis, power supplies, switches, storage arrays, and even air conditioning are all
potential sources of problems. The impact security breaches and system outages have on
financial services firms can be severe. Firms’ systems and networks are typically business-
critical and even the smallest amount of downtime can potentially be disastrous. Reputational
damage caused by any outage, however caused, also factors greatly in the financial services
and banking sector that relies heavily on consumer trust.

Route map to the future

Whatever the origin of these threats, their prevalence highlights the importance of firms
developing networks that are resilient, reliable and secure. Financial organisations need edge
solutions that are as dependable as their data centres, eradicating the risk of a complex router
becoming a single point of failure. In an ideal world, this means uninterrupted internet
connectivity for all LANs and equipment over a link that is not incorporated within the
production network. Every site needs to be able to use high-speed networks whenever the
primary link is unavailable.

One solution is to leverage Smart Out-of-Band (OOB) technology, which delivers sufficient
bandwidth on an alternate path to enable critical functions to keep running until the network
event is resolved. OOB management allows admins to maintain and manage components like
power supply units, servers and WAN devices and resolve malfunctions via remote access. If
there is an issue with connectivity, out-of-band solutions offer a failover solution. Today this
is normally managed via cellular, although alternatives are available.

OOB management can ensure continuous remote access of network administrators to critical
components like switches and routers, and security applications like firewalls and encryption
tools. Typically, this approach means there is no requirement for an onsite visit. In the event
that it does prove necessary, the technician can ensure arrival onsite with the correct spare
part in hand to resolve any issues quickly.

Getting smarter

Deploying smart OOB platforms can help address security issues in innovative ways and
their deployment has several major advantages. The first is that they offer a simpler way to
deploy multi-factor authentication (MFA) that only needs to be integrated into the console
server to be enforceable across the whole security appliance layer.

Second, smart OOB console technology can become a system of record for all configuration
changes and patches with changes sent over an alternative pathway. An update failure that
renders the device unreachable via the production IP network can often be rectified via this
same OOB connectivity that accesses the service ports on most network devices to reach the
underlying console.

This approach assists the network and security managers in determining if critical
infrastructure has been patched and enables forensic investigators to discover if a breach was
aided and abetted by the actions of an insider or was simply an oversight.

Another proactive security benefit is the capability of the smart OOB appliance to bring the
event logs in directly from connected devices and forward these to a central SIEM or Security
Analytics platform for early detection and prevention of targeted attacks. Finally, smart OOB
connectivity is also useful during a cyber-attack that disrupts the production IP network such
as DDoS, a targeted switch attack or a rogue admin ‘lock out’ attempt, as the out-of-band
console server provides an encrypted direct connection to critical devices like routers and
firewalls using 3G/4G cellular modems. The ability to quickly and securely access logs from
impacted devices can help pinpoint root causes and enable remediation to begin faster as well
as significantly reducing consequential downtime.

Key Role of Resilience

Outages are bad news for financial institutions, but they are inevitable because of human
error, complexity of network devices, modern software stacks, hardware devices, and the
growing prevalence of cyber-attacks. To keep consumers happy and the institution’s
reputation intact, financial services must be prepared for outages. The good news is Smart
OOB with failover to secure cellular can keep services up and running even if part of the
network is down.

Related content

WEBINAR

Recorded Webinar: Trade surveillance: Deploying monitoring and surveillance capabilities for today’s new normal

Let’s face it: The old ways aren’t coming back. A plethora of challenges brought on by the covid-19 pandemic, coupled with unrelenting market volatility and uncertainty, have pushed financial service firms to look for rigorous monitoring and surveillance solutions to meet the demands of the emerging trading landscape. Working from home (WFH) has increased the...

BLOG

Options Extends SGX Footprint with Ultra-Low Latency Offering

Expanding on its introduction of managed colocation services for trading on the Singapore Exchange (SGX) last summer capital markets infrastructure provider Options Technology has partnered with the exchange to provide ultra-low latency (ULL) connectivity to SGX’s Tier 1 site. The addition of the new SGX capability follows on the heels of the company’s acquisition of...

EVENT

TradingTech Summit London

TradingTech Summit London will explore how trading firms are innovating in today’s cloud and digital based environment to create flexible, scalable trading platforms to support speed to market and business agility. Leveraging the cloud, AI and ML technologies to get an edge, automate processes and simplify operations in a cost effective way is the name of the game and will share practical insight from practitioners and technology leaders who are innovating and driving forward change in trading operations.

GUIDE

Trading Regulations Handbook 2021

In these unprecedented times, a carefully crafted trading infrastructure is crucial for capital markets participants. Yet, the impact of trading regulations on infrastructure can be difficult to manage. The Trading Regulations Handbook 2021 can help. It provides all the essentials you need to know about regulations impacting trading operations, data and technology. A-Team Group’s Trading...