The Head of IT Security Services at a leading Australian bank was interviewed about the security challenges facing his bank, from its investments to its success in detection technology, to ensuring a smooth system migration from a legacy environment to a new environment. He highlighted the bank’s 300 percent increase in customer response time for its internet banking service and spoke enthusiastically about the implementation of Nokia’s VSX firewall technology and the Nokia intrusion prevention system.
Q. What do you see as being your most prominent security challenges in terms of your bank’s business security? And how do you intend to address these security challenges in the current security environment as well as in the future?
There are a number of significant challenges affecting us right now in the IT business security industry. These challenges include new types of malware such as zero-day attacks which are unable to be detected by the traditional security systems. And these kinds of attacks have increased their hostility in the external threat landscape. And in the midst of emerging data leakage threats, there are criminals who are using different types of exploits to steal company intelligence and logon credentials.
Q. What were the key business drivers that led you to look for a solution to address these significant security challenges?
Our participation in high risk new financial markets led us to address certain prominent security challenges. But in addition to this, placing some of our business and technical functions offshore, having a faster speed to market and the prospect of reducing our operating costs were also taken into consideration.
Q. What do you see as being an important part of a bank’s security infrastructure and what are some of the ideal solutions that a financial organisation such as yours should put in place?
There is a wide range of security features that most banks and financial institutions have in place such as firewalls, intrusion detection and prevention, malware detection systems, surveillance systems, fraud detection systems and forensics capability supporting investigations.
Q. Before your bank decided to install a completely new system, what were some of the predominant technological challenges that your bank faced?
The company required a massive re-working in order to support our new business requirements. At first, we didn’t have the ability to provide adequate detection capabilities, which meant that we required heavy investment in preventative technology.
And there were also a number of other significant issues including disparate systems which were spread across multiple data centres, cumbersome management of technical systems, high costs and support issues.
Q. Which products from Nokia’s diverse product range have you chosen to implement at your bank?
We have implemented both the Nokia VSX firewall technology and the Nokia intrusion prevention system. And we are also using Sourcefire coupled with a tactical surveillance system, because the market is still yet to mature in SEIM technologies.
Q. What are the key benefits of Nokia’s business security solution?
It provides a defence in depth security model, real-time threat detection and blocking, faster deployment time to new business applications, enhanced management and ease of patch deployment. It gives your business the ability to manage a higher risk profile and to detect and respond to security incidents.
Q. How did the bank arrive at such an important decision to choose one particular security infrastructure provider over the other? And how has this decision played a role in the improvement of the security infrastructure at your bank?
While we took the firewall type into consideration, we initially had a small investment in Checkpoint. We settled with Checkpoint as our preferred firewall type, and then performed formal evaluation of Checkpoint appliances like Nokia, Crossbeam and Secure platform. A contributing factor to our decision was the life costs, the ability of the vendor to support next generation (VSX) technology, the commitment of the vendor to resolve issues promptly and a strategic partner that could provide a range of security products and services.
Q. In what manner was the Nokia solution deployed in your security infrastructure?
Two sites were configured as Active/Active with load-sharing across both sites. Large systems with high-end throughput were created in order to cater for extensive growth. In addition to this, all hardware will be configured with automatic failover for full redundancy.
Q. How was the implementation of the Nokia solution received by your bank?
Overall it went very well. We had some major issues which were quickly resolved by Nokia’s development teams. Nokia also managed to provide full, mission critical support precisely when it was needed. Migrating systems from the legacy environment to the new environment has also been a big challenge, mainly due to the lack of corporate knowledge on how the legacy systems are to be configured. As a result, we had to reverse engineer many of our systems to ensure a smooth migration.
Q. How long did the implementation of the new solution take? And what were the key factors behind the success of the implementation process?
The new solution was implemented in just over 6 months. We built a staging environment where we were able to test systems before placing them into production.
We also had a fully qualified and experienced staff. Nokia also supplemented our expertise to ensure that we had the best chance of success and had direct access to Nokia’s full resources when we had any issues or problems.
Q. How noticeable were the changes to the security infrastructure at your bank after the implementation took place?
The changes were very noticeable. We now have a world-class security infrastructure pre-configured to lodge new systems as required by our business.
We were also recently able to lodge a new on-line banking system within the security infrastructure over a few days, which was truly impressive. Our intrusion prevention system is operating well and we are using it to detect and block malicious activity.
Q. Describe your approach to handling IP sessions and detecting and preventing threats. And how is the traffic handled differently now?
We have several types of threat detection mechanisms, such as DDOS, external IDS, internal IPS and also Sourcefire analysis capability called RNA.
All these systems are connected to our SEIM for event monitoring and correlation.
These alerts combined with our surveillance and vulnerability management framework allow us to detect and manage threats based on their risk profile.
Q. Have you noticed any changes to the network performance of your bank?
We have achieved an amazing 300 percent increase in customer response time for our internet banking service. And our large Nokia firewalls now have at least 8 gigabytes throughput in addition to our IPS devices which are now capable of supporting our gigabyte requirements.
Q. How has this new solution improved your bank’s security?
We now have a next generation VSX installation which provides several security zones and a defence in depth architecture. And our IPS devices provide good visibility of threats and actively block suspicious activity as well as alerting us to unusual events. The combination of these alerts, performing event correlation and log monitoring has enabled us to provide a real-time alert capability that has already proven itself.
Q. Did the solution meet your requirements?
It definitely met our objectives and provided a stable, high throughput as well as a secure environment.