Bradford Networks
 

NAC DIRECTOR™ FOR FINANCIAL SERVICES ENVIRONMENTS


Institutions in the finance, banking and insurance industries face a number of unique network management challenges that make a comprehensive NAC solution a key component of the IT strategy.

Your company likely supports large volumes of commercial transactions around the clock, 365 days a year. A few minutes of downtime can cost millions of dollars. And increasingly sophisticated criminals see your systems and data as high-value targets. Financial services IT professionals must balance these challenges in an increasingly competitive environment that pushes IT systems to their limits, demanding always-on, flexible networks in an environment where every investment is scrutinized.


Financial Services Industry IT Issues

IT professionals in the finance, banking and insurance industries must ensure real-time access to data while at the same time protecting that data. Network threats from non-compliant devices carrying viruses or malware, unauthorized users, highly distributed and often disparate networks, and the need to document regulatory compliance all combine to drive complexity in the network access control process.

  • Distributed workforces require centralized, consistent control via wireless, wired and VPN access
  • Headquarters, regional and branch offices require flexible yet stringent data access policies
  • Large workforces with varying tasks require data access to be driven by role, location, time of day, and other variables
  • Device proliferation means that employees, guests and contractors may be accessing systems from their own devices, necessitating an automated, auditable system for validating identity and ensuring device compliance
  • Industry consolidation has resulted in diverse network topologies that must be centrally monitored and controlled
  • Regulations such as Sarbanes-Oxley (Section 404) and the Gramm-Leach-Bliley Act, and standards like PCI, are protecting consumer data, but require stringent controls and auditing processes

Network Complexity

Industry consolidation means that financial services networks are almost universally heterogeneous. In this complex environment, with tight IT budgets, centralized network controls are a business imperative as organizations must document compliance with security standards.

Financial networks are further complicated by a diverse universe of devices accessing the network using a diverse set of access technologies. Vendors, contractors and other guests often require internet and data access through wireless connection points in conference rooms, guest offices and other locations. At the same time, an increasingly mobile workforce working in an “always-on” business environment is accessing systems from coffee shops, hotels, home offices, or other remote locations, often using their own devices. This phenomenon introduces a new level of complexity as new variables are introduced into network operations.

Regulations and Standards

With fears of identity theft on the rise, and greater concern about the integrity of online transactions, companies in financial services must protect the integrity of customers’ financial information. Regulations such as GLBA, Sarbanes-Oxley and SAS 70, and the PCI Data Security Standard require organizations to take all necessary precautions to safeguard this data. Finance, banking and insurance companies complying with these regulations face IT responsibilities that include:

  • Identifying security risks to sensitive customer information
  • Assessing existing safeguards and implementing any new ones that are necessary
  • Monitoring the effectiveness of security safeguards
  • Continually improving network security

Real World Challenges, Real Solutions

According to Grant Thornton’s 2007 14th Annual Survey of Bank Executives, 96 percent of banking executives cited “protecting customers’ data” as an IT imperative, but only 71 percent said they were “somewhat comfortable with their ability to do so.” In addition, only 59 percent said that they were confident about their ability to verify systems and control technology risks.

These gaps are serious. With more than 570 financial data security breaches recorded by the General Accounting Office between January 2006 and December 2006, and regulatory and standards guidelines such as GLBA and the PCI Data Security Standard demanding an audit of network activities, grappling with data security and managing security risks have become key IT operational drivers.

What makes this so hard? And how can financial services IT executives bring best practices to their network security processes?

In a survey conducted by the Ponemon Institute, only 13 percent of respondents in the financial services industry have a centralized identity and access management process for their networks. Often, this is done on a regional or branch office basis. Centralizing access and identity management – through the use of a comprehensive NAC solution like Bradford’s NAC Director – is the first step in securing your network, and ensures that you are protecting customer data, guarding against network threats and monitoring the effectiveness of your security policies.

Network Access Control Addresses Finance Issues

A relatively new approach to addressing network access and security issues, Network Access Control (NAC) provides solutions to problems that financial services organizations are experiencing with network access and security. What an individual can do on a network is a function of three factors: who they are; what device they are using; and when, where and how they are connecting. Unlike firewalls, which protect access at a specific point in the network, NAC is user-centric and mitigates the risk associated with each user wherever and however they connect.

A complete NAC solution assesses these factors in real time to protect the network and ensure adherence to established policies. This includes:

  • Providing network access based on user identity
  • Assessing pre-connect host posture
  • Quarantining non-compliant devices and offering self-remediation
  • Providing policy-based access to network resources
  • Monitoring post-connect posture and behavior and enforcing network use policy throughout the network session

Financial Services IT Security Challenge / NAC Capabilities

Controlling access to sensitive data

  • User and device registration
  • Identity management
  • Role- and location-based access

Ensuring the health and security of individual devices; guarding against network threats

  • Endpoint compliance checks
  • Forced updates to anti-virus, anti-spyware and other required software programs

Providing visibility into exactly who is accessing the network, when, and how

  • Device authentication
  • Physical address and logical address correlation

Protecting the main network and data while providing guest and contractor internet access

  • Wireless connection authentication that mirrors wired and VPN experience
  • Role-based authentication limits exposure to data and systems

Providing remote access to employees

  • Consistent wireless, wired and VPN access policies
  • Location-based rules

Documenting regulatory compliance and user access to meet SOX, GLBA and PCI standards

  • Alarms and alerts
  • Sophisticated logging and reporting functionality
  • Audit log of all devices, users connected to the network at all times

NAC Director Solves Financial Services Security Challenges

Bradford’s NAC Director solution is particularly well-suited to the needs of financial services organizations. NAC Director's architecture provides edge enforcement in an out-of-band configuration with existing switch infrastructure. This means no single point of failure, no need for expensive and hardware-intensive inline NAC deployments, and no need to replace your switched network backbone just to implement NAC. NAC Director leverages your existing switch infrastructure, which is important given the budget constraints which are a reality for most financial services IT organizations.

Key NAC Capabilities / NAC Director Features and Benefits

Controlling access to sensitive data

  • Forced registration provides comprehensive view of all connected network devices
  • 7-point identity profile enables precise identity definitions for granular policy assignment

Guarding against network threats

  • Pre- and post admission checks provide continuous endpoint posture analysis
  • Self-remediation empowers users to update their systems, reducing helpdesk intervention and protecting network resources

Providing real-time visibility into network activity

  • Standards-based authentication leverages existing infrastructure and ensures quick and accurate authentication
  • Forced registration delivers log of all device and user activities

Providing and controlling guest/contractor network access and providing remote access to employees

  • Dynamic VLAN assignment ensures that users access only appropriate network resources
  • Wireless connection process mirrors forced registration, rules and policies of wired access
  • Port-level role assignment further enforces rule-driven access and ensures data integrity

Documenting regulatory compliance

  • Alarm traps and triggers automate the process of stopping unauthorized activity at the network access point
  • Audit log captures all network activities and can be exported to pre-defined or customized report templates to document compliance

NAC Director uses SNMP and RADIUS to provide dynamic control of your existing network switches. VLANs are used extensively by NAC Director to segregate access to resources based upon user roles. Bradford provides unmatched interoperability with popular network switches, security devices, operating systems and security software products, so you can be confident that NAC Director will simply “plug and play” with your existing network.

NAC Director provides both persistent and dissolvable agents for endpoint compliance. This is a key requirement for financial services networks, with distributed, always-on workforces, guests, contractors and staff who may work on the road or from home. Bradford’s agent technology supports Windows, Mac, and Linux operating systems. For other operating systems, the Bradford solution leverages Nessus scanning to determine device vulnerability status. The Bradford agent technology runs without requiring administrative user privileges.

NAC Director helps financial services organizations comply with GLBA, PCI and other regulatory and standards requirements in critical areas of identity management, data access, and systems activity reporting.

The NAC Director product family provides configurations to accommodate small networks with as few as 100 users, and large networks with tens of thousands of users.

Summary

With increased regulatory demands, and technological advancements that increase network complexity, financial services CIOs and CISOs are challenged to ensure that network availability and security do not suffer. Network Access Control technology can provide the capabilities that you need to regain control. Bradford’s NAC Director solution provides an industry-leading NAC feature set, and a solution architecture that is ideal for financial services organizations. NAC Director lets you preserve your existing network investment, and extend it to deliver advanced security and network control capabilities.

 

© 1999-2008 Bradford Networks. All rights reserved.