Big Finance Reveals Dual Network Security Strategy
Financial services firms adopt a comprehensive network security strategy for detecting breaches and remediating them after the event.
Being a senior network engineer charged with delivering secure financial services to tens of thousands of customers carries a lot of pressure. A more robust security strategy, including close alignment with the security team, helps keep everything running smoothly. The first step is to make better use of network monitoring tools, something not every enterprise has worked out how to do.
“For security purposes, it’s two-fold,” says the senior network engineer. “When there’s any type of threat that’s detected or reported to us, one of the first things we do is confirm that nothing has happened. On the flipside when we do get alerts that there may be some sort of a DDoS attack or something like that, we have our cybersecurity engineers get the alerts out of the IPS, but the packets are where they are going to find out exactly what is being attempted against us and how successful those things are.”
Getting at the packets is often easier said than done: many network performance monitoring and diagnostics (NPMD) tools are moving almost exclusively to metadata or NetFlow records, dropping packet-level capture in favor of faster, less bandwidth-intensive analytics. Flow records show who talked to whom, when and how much, but not what was sent; confirming what an attacker attempted, and whether it worked, needs the payload.
“That’s just more the day-to-day type stuff,” says the senior network engineer. “What we are really striving and moving more towards is looking for anomalies in the environment. There is bad stuff happening out there that’s not known publicly yet. There’s been no disclosure. There have been no announcements. So, it’s up to us to try to figure out what’s going on or what might be attempted right now that no other tool is picking up. We are really fine-tuning skills and abilities and using the software and tools that we’ve got to look for things that are different. Are there new systems communicating? Are there existing systems that are transmitting or receiving a lot more data than they have before? Has there been a shift in the pattern to those traffic flows? Are they outside of the business hours of what they normally are? Baselines being deviated from? All that type of stuff. So, we are really, really focusing more on the anomaly detection side of the house now.”
With that in mind, choosing NPMD tools that provide that packet-level data is increasingly important.
“We need to have those packets available at our disposal for anomaly detection,” the senior network engineer says. “If you’re researching an issue that’s happening right now and you’re only able to see what’s going on right now, that’s great. But if you don’t know what the norm is, if you don’t know how things are supposed to be looking, it’s really difficult to determine if what you’re seeing is really bad or not.”
Rewinding to packet-level analytics from days or weeks ago takes more CPU and often specialized capture cards that can capture and analyze at line rate (40 gigabits per second, for example), plus enough storage to retain the packets for the whole lookback window. Financial institutions in particular are beginning to adopt this kind of comprehensive detection and remediation strategy, with the ability to rewind and see what happened after an event.
“We need to be able to go back and look at what this behavior was or what was going on twenty-four hours ago, a week ago, even a month ago because everything that we do especially in the banking world is very cyclical,” the senior network engineer says. “Paydays, the first of the month, the 15th of the month tend to have different behavior than any of the other days, so we need to be able to go back and look at what was happening thirty days ago to determine if what we’re seeing is something to be concerned about or not. So having all those packets at our disposal, on-demand? Invaluable.”
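The two quotes above describe a detection approach rather than a product: flag new peer pairs, hosts moving far more data than before, and traffic outside business hours, and judge "more than before" against a baseline that respects the banking calendar (paydays, the 1st and the 15th). The script below is an added illustration of that approach, not code from the article or from any monitoring vendor. It works on flow-level summaries (timestamp, source, destination, bytes) rather than raw packets, and every host address, timestamp, byte count, payday and threshold in it is a constructed assumption. The `cyclical` switch shows why the calendar matters: with a flat 30-day baseline the perfectly normal payday load between the app server and the database is reported as an anomaly; with a same-kind-of-day baseline it is not, while the workstation's 02:30 transfer to an outside address is still caught on all three checks.

```python
"""Baseline-driven anomaly checks over flow records (added example).

Not code from the article or from any monitoring product. Implements the
questions the engineer lists: new peer pairs, hosts moving far more bytes
than usual, and traffic outside business hours. Byte-volume baselines are
grouped by day kind (payday vs. ordinary) so a heavy payday is compared with
earlier paydays, not with a mixed 30-day average. All hosts, records, hours
and thresholds below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

BUSINESS_HOURS = range(9, 18)   # assumption: 09:00-17:59 local time
PAYDAYS = {1, 15}               # assumption: calendar days that behave differently
SIGMA = 3.0                     # flag totals more than 3 sigma above the baseline mean
MIN_SPREAD = 0.10               # floor on sigma (fraction of mean): a flat baseline must not flag every byte
MIN_SAMPLES = 2                 # need this many comparable days before judging volume


def day_kind(ts, cyclical=True):
    """Baseline bucket for a day; cyclical=False lumps every day together."""
    if not cyclical:
        return "any"
    return "payday" if ts.day in PAYDAYS else "ordinary"


def build_baseline(history, cyclical=True):
    """history: iterable of (datetime, src, dst, nbytes).
    Returns (per-host daily byte totals keyed by day kind, known peer pairs,
    hosts that have initiated traffic outside business hours)."""
    daily = defaultdict(lambda: defaultdict(int))   # (host, kind) -> date -> bytes
    pairs = set()
    off_hours_src = set()
    for ts, src, dst, nbytes in history:
        kind = day_kind(ts, cyclical)
        daily[(src, kind)][ts.date()] += nbytes
        daily[(dst, kind)][ts.date()] += nbytes
        pairs.add((src, dst))
        if ts.hour not in BUSINESS_HOURS:
            off_hours_src.add(src)
    return daily, pairs, off_hours_src


def detect(today, baseline, cyclical=True):
    """today: list of one day's (datetime, src, dst, nbytes) records.
    Returns a sorted list of (check, subject) findings."""
    daily, pairs, off_hours_src = baseline
    kind = day_kind(today[0][0], cyclical)
    findings = set()
    totals = defaultdict(int)
    for ts, src, dst, nbytes in today:
        totals[src] += nbytes
        totals[dst] += nbytes
        if (src, dst) not in pairs:                       # never-seen peer pair
            findings.add(("new_pair", f"{src}->{dst}"))
        if ts.hour not in BUSINESS_HOURS and src not in off_hours_src:
            findings.add(("off_hours", src))              # host has no off-hours history
    for host, total in totals.items():
        samples = list(daily.get((host, kind), {}).values())
        if len(samples) < MIN_SAMPLES:
            continue            # no comparable history; new_pair already covers new hosts
        mu = mean(samples)
        sigma = max(pstdev(samples), MIN_SPREAD * mu)
        if total > mu + SIGMA * sigma:
            findings.add(("volume", host))
    return sorted(findings)


# Constructed data: an app server, a database, a workstation, an outside address.
APP, DB, WS, EXT = "10.1.1.10", "10.1.2.20", "10.1.3.30", "203.0.113.7"
TODAY = datetime(2024, 3, 15)   # the 15th: a payday in this constructed calendar


def constructed_history(days=30):
    """30 synthetic days ending yesterday: the app server moves 1 MB/day to the
    database on ordinary days and 5 MB on paydays; the workstation sends 50 kB/day.
    Nothing happens outside business hours."""
    records = []
    for back in range(days, 0, -1):
        day = TODAY - timedelta(days=back)
        app_bytes = 5_000_000 if day.day in PAYDAYS else 1_000_000
        records.append((day.replace(hour=10), APP, DB, app_bytes))
        records.append((day.replace(hour=14), WS, DB, 50_000))
    return records


def constructed_today():
    """Today: normal payday app/db load, normal workstation traffic, and a 20 MB
    transfer from the workstation to an outside address at 02:30."""
    return [
        (TODAY.replace(hour=10), APP, DB, 5_100_000),
        (TODAY.replace(hour=14), WS, DB, 50_000),
        (TODAY.replace(hour=2, minute=30), WS, EXT, 20_000_000),
    ]


def run(cyclical=True):
    baseline = build_baseline(constructed_history(), cyclical)
    return detect(constructed_today(), baseline, cyclical)


if __name__ == "__main__":
    print("day-kind baseline:   ", run(cyclical=True))
    print("flat 30-day baseline:", run(cyclical=False))
```

The `MIN_SPREAD` floor matters in practice: a host whose daily volume has been identical for a month has a standard deviation of zero, and without a floor any change at all would sit infinitely many sigmas out. The same structure applies to packet-derived summaries; the point of keeping the packets is that once one of these checks fires, the analyst can go back to the retained capture for that pair and see what was actually sent.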
Learn more about how network monitoring solutions with packet-level analytics are moving financial enterprises in the right direction in the fight for security.