Major financial institutions experienced 80% more cyberattacks over the past 12 months, a 13% year-over-year increase, with a 238% surge in cyberattacks against banks during the coronavirus pandemic.¹ According to a new analysis by the Federal Reserve Bank of New York, a single cyberattack on one of the top U.S. banks would likely have a major effect on the global financial system.²

The banking industry faces a whole range of risks as they evolve in the interconnected edge enterprise landscape while battling a growing list of software attacks including denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, man-in-the-middle (MitM) attack, phishing, and spear-phishing attacks, credential stuffing, and ransomware.

While a majority of threats target software vulnerabilities, banks also risk hardware vulnerabilities that could put the organization’s digital infrastructure at risk, from an employee device to a router connected to an unsecured network, through the Internet of Things (IoT) and cloud exploitation.

The core concept for the banking Cyber Security strategy is to safeguard customer assets and their transactions. As breaches lead to damage banks’ standing in the financial market, consequences, and penalties for FDIC non-compliance, monetary losses, and customer confidence.

Challenge

This was the environment when one of the United States’ largest financial corporations, who specialize in Business and Commercial Banking and Financing came to Garland Technology looking to future proof their security deployment with a cost effective, scalable connectivity strategy that provides resilience and redundancy.

This organization’s security strategy involved the use of Intrusion Prevention Systems (IPS) and DDoS protection for all critical links. IPS is a network security tool that examines network traffic flow to detect and prevent vulnerability exploits. A DDoS protection tool specifically blocks denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.

Both security solutions are deployed inline, meaning the tool sits directly in the path of network traffic to actively protect and block potential threats. The company reached out to Garland Technology as a leader in inline security, whose CTO Jerry Dillard invented bypass technology, knowing they needed a scalable connectivity strategy that accounted for inline deployment sensitivities.

Architecting networks with High Availability (HA) or redundant designs, creates added challenges for security and networking teams, in not only effectively deploying and updating tools without creating a single point of failure for each device but how to adjust once an HA has been triggered.

Goal

Solution

Garland’s engineering team worked with the IT team to design an HA architecture that solved all of their challenges, while providing additional value and functionality, leading them to expand this use case throughout their enterprise.

Our teams worked through questions like, do we have to buy two of everything? What happens if traffic switches from primary to secondary? How are we going to track that data? How do we correlate everything? While working through expectations, urgency and availability of each device.

High Availability

There are two options for incorporating High Availability (HA) solutions, Active/Standby and Active/Active. Active Standby (Or Active/Passive) deploys to a secondary tool, providing failover from primary device to backup appliance. Active/Active deploys to a redundant link, providing failover if either active device fails.

The EdgeLens^® Inline Security Packet Broker transformed their network security capabilities, instead of relying on a single bypass TAP for each device, they were able to not only provide the same reliability and management controls of a bypass, but also managing multiple inline and out-of-band tools from the same device with packet broker functionality, which easily complemented either HA architecture.

For each link deployment the IPS was deemed critical, so each EdgeLens deployed two redundant IPS tools in an active standby scenario, one IPS as the primary or “active” appliance brought inline through the EdgeLens and the secondary IPS or “passive” appliance, which still receive live traffic, but is not considered inline. This provides “Hot Standby” redundancy. In the event the primary appliance goes down and the heartbeats stop being received by the TAP, the secondary appliance will immediately and automatically take over as primary and be brought inline.

Each deployment also incorporated one DDoS protection tool, which was managed by the bypass functionality, providing heartbeat health checks and “inline lifecycle management” which allows you to easily take tools out-of-band for updates, installing patches, maintenance or troubleshooting to optimize and validate before pushing back inline.

Simplified Security Stack

Benefits

• Provide High Availability [HA] redundancy to inline security tools, ensuring 24/7 availability
• Reduced risk of unplanned downtime
• Simplify security stack and reduced network complexity by managing multiple inline tools
• Provide filtering, aggregation, and load balancing to inline links
• Distribute traffic before and after an inline tool (WAF, NGFW, or IPS) to out-of-band tools

1-VMware Carbon Black third edition Modern Bank Heists report https://www.carbonblack.com/resource/modern-bank-heists-3-0/
2-https://www.newyorkfed.org/research/staff_reports/sr909

By Chris Bihary

Today, 50% of large enterprises are spending over $1 million annually on cybersecurity. The worldwide information security market is forecast to reach over $170 billion by 2022, as enterprises are making huge investments when it comes to securing mission-critical applications and data-center performance quality.

This result reflects growing breaches across the networking landscape costing on average $3.92 million in 2019 alone, including the cost of networking infrastructure to combat these threats, as well as the impact the company faces through downtime, recovery and reputation.

We’ve talked about the 3 keys to network resiliency being bypass technology, failsafe technology, and network redundancy, as well as understanding your single points of failure. But let’s dig deeper and review what network redundancy is, when it is needed and how to deploy High Availability (HA) solutions in your network.

What Is Network Redundancy?

Enterprise IT operations strategize failure, recovery and business continuity plans that typically include redundancies for critical servers, network segments, security tools and internet connectivity, where a failure would cause significant downtime. In the event of a failure, redundancy allows your network to remain in service by providing alternative data paths or backup equipment.

Network redundancy is introduced to improve reliability and ensure availability. The basic concept that if one device fails, another can automatically take over. With the goal to maximize availability with minimal complexity.

The concept of network redundancy is accomplished through what is referred to as High Availability (HA) deployments. HA network designs incorporate redundant components for critical power, cooling, compute, network, security and storage infrastructure with the goal of eliminating any single point of failure that could compromise the network.

When Is Network Redundancy Needed?

Many companies can minimize their downtime through bypass TAPs. However, for industries that have the highest cost of downtime, unplanned downtime is not an option, including Financial Services, Energy, Telecom, Manufacturing, Retail and Healthcare, where critical services and information must be secure and available 24/7/365. Just last year, 86% of worldwide enterprises reported an average hourly downtime cost of their servers at over $300K, with 15% being over $5M.

Despite the enormous investment in infrastructure and security tools, many IT teams continue to experience database, hardware, and software downtime incidents that can last a few minutes to days, accruing not only these revenue losses but enduring negative customer experiences and having sensitive data compromised. Many times the repercussion of a down security tool like a firewall or Intrusion Prevention Systems (IPS) can lead to additional breaches or security events.

Downtime can happen for a variety of reasons, through cyber attacks, human errors or misconfigurations, understaffed IT departments, power failures and hardware failures. To reduce downtime, it is essential to plan for unexpected events that can bring down the systems. HA systems minimize the impact of these events, and are designed to automatically recover from failures.

Adding Reliability to Your Security Strategy

Inline security tools like IPS, Web Application Firewalls (WAF), and firewalls are typically architected inline, meaning they are sitting directly in the path of critical links. The purpose is to block threats in real-time before they get into the broader network. Unfortunately this introduces potential single point of failure (SPOF) challenges like what happens if the device failed, and how do you properly update or optimize once it is inline?

As a recent EMA [Enterprise Management Associates] report states, “An oversubscribed device can degrade network performance and a device failure can bring down the network. Managing the risk of downtime is a critical consideration when connecting security devices to the network.”

Industry best practice encourages all inline tool availability to be managed by an external bypass TAP. The next step is taking this technology and applying redundancy to critical links ensuring that in the event of a failure to critical links, High availability (HA) bypass deployments are your foundation to cybersecurity redundancy.

Garland offers two scenarios for incorporating High Availability (HA) solutions into your network, Active/Standby and Active/Active. Active Standby (or Active/Passive) deploys to a secondary tool, providing failover from primary device to backup appliance. The Active/Active Crossfire design incorporates a secondary tool, bypass TAP and redundant link, providing the ultimate failover if either active device fails.

Deploying Redundant Inline Security Tools

HA Bypass TAPs can connect two inline tools with a primary / secondary or an active / standby design. These Bypass TAPs sit inline on a single network link and can connect to redundant tools without adding additional complexity or a new point of failure to the network.

In these single link situations, the Bypass TAP will send live traffic from the network to both tools. One tool will be the primary or “active” appliance managed inline with the Bypass TAP. The secondary or “passive” appliance also receives live traffic out-of-band, but will not forward traffic back onto the network. This provides “Hot Standby” redundancy. In the event the primary tool goes down triggering the bypass heartbeats to stop, the secondary tool immediately takes over as primary and is brought inline by the Bypass TAP.

Deploying Inline Security Tools with Redundant Links

In architectural designs where redundant network links are used, a similar bypass TAP design can be incorporated. This time the redundant security tools are cross-connected between the two HA Bypass TAPs. In this Active/Active Crossfire design, each tool and Bypass TAP should be the primary appliance for their respective link, and the redundant for each other, usually resulting in asymmetric routing. If an appliance goes down, the network link’s traffic will fail-over to the secondary link, allowing all the traffic to be seen by the remaining active appliances.

Cybersecurity relies on redundancy to ensure network availability, because for critical links, downtime is not an option. Using Bypass TAPs on inline appliances will not only ensure these tools are constantly protecting the network, but providing functionality to expedite troubleshooting and shorten maintenance windows.

If you are deploying redundant security solutions into your network, Garland has specifically designed HA Bypass TAPs and Inline Security Packet Brokers that not only provide the same reliability and management controls of a standard bypass, but also provide the ability to manage multiple inline and out-of-band tools from the same device with packet broker functionality. This was the case recently when a large financial corporation, who specialize in Business and Commercial Banking and Financing came to Garland Technology looking to future proof their security deployment with a cost effective, scalable connectivity strategy that provides resilience and redundancy.

We achieved this HA solution deploying Garland’s EdgeLens® Inline Security Packet Broker, which transformed their network security capabilities with added functionality, easily complementing the new HA architecture.

Looking to add an HA solution to your security deployment, but not sure where to start? Contact us and we would be happy to help you find your solution.