BLOG

How Security Automation Can Mitigate the Risk in Cybersecurity

F5 新闻中心工作人员 缩略图
F5 新闻中心工作人员
Published September 07, 2021

The banking and financial services industry has been experiencing digital transformation for several years and customer digital expectations combined with COVID-19 are accelerating key initiatives, such as Open Banking and Platform Banking. Today’s financial services are more open to external partners due to consumer demand, but many are concerned about growing cybersecurity challenges. Consequently, a traditional isolated approach in banking and financial services is still critical. Because of this reason, a large number of financial institutions are still focusing on protection at the edge. 

Open Banking = New Security Challenges

When it comes to modern financial services like Open Banking and Platform Banking, attack surfaces are no longer limited at the Gateway level but extended to areas that include containerized environments. In containerized environments, security operations are more complex because it is necessary to monitor all transactions the Kubernetes or OpenShift clusters. This is due to the design principles of Kubernetes and OpenShift which allow developers to quickly test their code in real time. Unlike a traditional model, containers are often ephemeral in a cluster for internal testing purposes. Container environments may expose a security hole that is prone to human error, and can lead to one of the worst consequences - a breach.

attack-remediation

So how can one apply the right security strategy for a containerized environment? First is the requirement of full visibility into critical applications that should allow one to apply application-level protection for containerized applications. This is often easier said than done. Customers may have hundreds of containerized applications in their Kubernetes or OpenShift clusters, making it not easy to achieve visibility and protection in real time. This necessitates the need for Security Automation. F5 and Red Hat team have worked closely in the ‘Network Automation’. Extending automation to security is the next frontier. 

Considerations for Security Automation

Security Automation can be a useful tool for financial companies to manage security policies in Open Banking and Platform Banking services. There are, however, some considerations when building your own Security Automation. First, the automation playbook should be easy to configure. Most Security Automation engines require advanced programming skills. While the programming of automation engines has its own advantages in terms of flexibility, it generally is not a good choice from an overall Security Automation design perspective. Second, the automation engine should be able to support various types of security solutions without major re-engineering. Finally, you must have the right security solutions to integrate with the automation engine. If a security solution provides a layer-7 level of visibility regardless of its encryption status, it can help the SecOps team to design the proper automation processes.

F5 Solutions for Security Automation

F5 has a variety of products to support security operations teams for different purposes. For example, we have F5 Advanced WAF, SSL Orchestrator, BIG-IP Access Policy Manager, and BIG-IP Advanced Firewall Manager to support traditional NetSecOps teams.

Ansible automation platform

NGINX App Protect provides a superior level of application security for a container environment. F5 provides programmable interfaces to incorporate automation such as Red Hat Ansible. Security teams can use F5 solutions in combination with leading SIEM products to provide deep visibility and automated remediation of security threats. This ability to log, analyse and automatically remediate security threats provides SecOps teams the ability to remedy most common attack vectors and focus their energies on hardening their infrastructure to address more sophisticated attacks.

F5 BIG-IP Application Delivery Services provides unified monitoring capabilities for your network and export capability for critical network telemetry data at the application layer. This includes user authentication data, firewall logs, Web firewall logs and load-balancing data. With F5 BIG-IP, customers can replace the complex steps of data gathering with a single F5 device deployment.

pre defined attack-remediation

Conclusion

According to the 2021 Data Breach Investigation Report by Verizon, 721 incidents in the finance industry and more than 50% of cases were confirmed with data disclosure. 

actors in finanace breaches over time

However, the more important point is that 44% of total breaches did not happen by advanced attackers or state-sponsored attackers. They were caused by human error. This number clearly proves that Security Automation is no longer a choice but mandatory, especially for the banking and financial services industry. F5 can help you start your Security Automation journey to with our strategic alliance partner, Red Hat, and its industry-leading solution – Ansible.  Learn more at www.f5.com/ansible