Large Financial Institution with a Global Presence

THE CHALLENGE

A large financial Institution with headquarters in the US has offices and data centers located throughout the world. They offer complete banking and asset management to both individuals and business customers worldwide. As a provider of financial services, they are obligated to comply with government regulations protecting the privacy and security of its customers’ confidential information while maintaining virtually 100% uptime. However, until a few years ago they did not have an effective solution to managing devices that were located beyond firewalls (i.e. in DMZs). The Security personnel did not allow management protocols to be transferred freely through the firewalls. The Security team wrote thousands of firewall rules to allow for management traffic to flow into the Management Center. There were two significant issues associated with the firewall rules: first the cost to write and maintain the firewall rules was significant and secondly the firewall rules allowed the risk associated with management protocols which are inherently insecure.

The ZoneRanger Solution

In 2008, this financial institution was one of the first companies to implement Tavve’s ZoneRanger solution to securely manage devices located in the DMZ. They deployed redundant pairs of ZoneRangers to several data centers throughout the world. The ZoneRanger provided a mechanism to securely extend the reach of their existing management applications, avoiding the need to configure risky firewall rules, or to deploy additional applications instances in their DMZs. The ZoneRanger allowed the financial institution to use their existing management applications to securely communicate through the firewall to managed devices using a variety of protocols (e.g. SNMP, ICMP, Syslog, SSH, NetFlow). The SSL/TLS encrypted connection between the ZoneRanger and the existing management applications along with the data inspection performed on each protocol ensured the DMZs were being managed securely and effectively.

Results

The bank’s results were increased security, decreased cost, and decreased time to deploy new devices as the network grew. The ZoneRanger provided multiple security benefits: protocol break in all TCP connections and UDP datagrams, application-protocol-specific packet inspection, hiding management servers from DMZ devices. It reduced the risk of hackers penetrating the network to gain an understanding of the network architecture and the ability to reconfigure network devices. The significant reduction in firewall rules reduced the management cost associated with maintaining them and reduced the potential for human errors, such as ports unintentionally left open. The ZoneRanger provided the benefit of the being able to deploy additional devices in the DMZ without the burden of writing new firewall rules. This decreased the time needed to deploy new devices in their network as it grew. In conclusion, the financial institution now has a clear picture of what is occurring in the DMZ without worrying about security and the cost to maintain a large number of firewall rules.

Please contact Sales@Tavve.com for more information about our ZoneRanger product.