The Client
Is a large financial institution that aims to reach every individual in the country with one or more payment services in addition to providing a robust payment infrastructure.
Background and Key Challenges
In recent years the digital payment space has witnessed a huge transformation in India and the country has embraced digital payment usage. With a spike in usage and the sensitivity of the financial realm, the need for maintaining the highest level of security is high.
The Indian financial institution has a diverse infrastructure spread across multiple geographical locations, offering cutting-edge payment services. As the institution expanded, its digital footprint grew, demanding robust cybersecurity solutions to safeguard sensitive financial and customer data. With the explosion of cyber threats and the significant increase in the volume of daily transactions, the Client recognized the need to implement effective network access control (NAC) and privileged access management (PAM) systems.
Challenges Faced by The Client
- Distributed network across 6 different geo locations made it difficult to control and monitor the network.
- With more than 3,000 devices and 2 data centers, it was getting increasingly complex to control and monitor the network.
- Implementing uniform security policies and access control measures was extremely difficult.
- With 2,200 users across 6 geo locations, more than 8,000 servers, and 800 network devices, securing and monitoring privileged accounts and access to critical systems was a daunting task.
Goals
Acknowledging the importance of protecting its critical infrastructure and network, the Client sought to strengthen its cybersecurity posture.
- Health check for all the devices across the 6 geo locations to validate the compliance policy.
- Restriction of the users on the network (user-based access).
- Validation of certificate during 802.1X authentication.
- Complete visibility into the privileged accounts.
- Implementation of Privileged Access Management (PAM) solutions across all locations to ensure employees only have the necessary levels of access just required to perform their tasks.
The Solution: Inspira Enterprise Approach
The financial institution partnered with Inspira, the global Cybersecurity, Data Analytics, and AI services provider to address its cybersecurity challenges. Inspira proposed a comprehensive solution that involved implementing Network Access Control and Privileged Access Management.
Network Access Control (NAC)
- Highly scalable and reliable policies with dynamic role-based ACLs were designed and pushed to the switches and controllers.
- Security Posture policies were based on RBI guidelines and ensured they were compliant.
- AAA (Authentication, Authorization, and Accounting) security framework was established for all the devices connecting to the corporate network. This controlled access to computer resources. Any non-compliant device was not allowed to connect to the corporate VLAN.
- Implementation of Privileged Access Management (PAM) solutions across all locations to ensure employees only have the necessary levels of access just required to perform their tasks.
Privileged Access Management (PAM)
- Just-in-Time Access Control model was implemented where approvals were granted on a limited and as-required basis. Here access controls and approval workflows were configured accordingly.
- A password vault to automate and control the entire process of password management was implemented.
- Various flavors of DBs, Windows servers, Linux servers, network devices, and application web UI were integrated.
- DR-Drill was conducted every quarter.
- Video log management and backup on Commvault were established.
- RSA token management for multi-factor authentication and license review were also established.
Benefits of the Solutions
The implementation of the solutions led to significant improvement in the organization’s security posture,
- Only compliant devices were connected to the Corporate VLAN. Regulatory compliance was achieved by the implementation of robust security policies.
- Authorized network access was provided leveraging the AAA solution.
- Users and customer experiences were enhanced with faster and more seamless transactions.
- The network transformed into being highly scalable, reliable, and future-ready.
- The comprehensive visibility into the privileged accounts enabled better management and monitoring.
- Users’ access was automatically provisioned and de-provisioned as and when their roles changed or they left the organization. This reduced the risk of account takeovers and provided security for users and their accounts.
- Damage caused by malicious insiders was limited as the PAM solution ensured users only had access to the systems they worked with.
- This reduced the risk of data breaches and unauthorized access by effective management of network access and privileged accounts.
- Operational efficiency was enhanced with the streamlining of network management and privileged access control thereby reducing the administrative load on the IT team members.
- Business continuity was established with the high availability of data centers and by proactively identifying and mitigating threats.
Client’s organization said, “We are happy with the Inspira team for enhancing our organization’s cybersecurity posture by successfully implementing the NAC and the PAM solutions and addressing the complex challenges. The NAC systems were centrally managed and integrated with Active Directory Controls delivering role-based network access. This mitigated the risk posed to the data and improved our organization’s network security posture.” He further added, “Inspira team configured and integrated the PAM solution with Identity Access Management system protecting all user identities, prevented privileged account attacks and saved a significant amount of time for users as well. Continuous monitoring of privileged users also ensured they did not misuse their access rights. Additionally, achieving compliance with industry and government regulations became a lot easier too and our organization now enjoys increased security, regulatory compliance, and cost savings.”