Cyber security attacks in 2023 reached a new level of sophistication as significant supply chain attacks and evolved malware tools accelerated the risk facing financial institutions. With insider threat and supply chain risk presenting the weakest link in the chain, the question facing financials is no longer if, but how they will be breached and, more importantly, how they can detect, contain, and defend against breaches as they occur.

Tool sprawl has created an operational challenge in that it adds complexity around the operational consistency of security information. There are a few approaches that can help, but one thing I am hearing loud and clear is the desire to use tools properly, and not add another tool when a current security control is present (but unutilized). One tool that has immense potential value because of its inherent support for existing infrastructure is Cisco’s Secure Network Analytics.

Cisco Secure Network Analytics in Financial Services

This tool allows financial institutions to turn almost all existing hardware into a malware detection engine by using features on the devices that they have already paid for. This can replace or augment intrusion detection systems (IDS) at small and medium sites. It can also provide this capability at line rate at 100G in the data center, and even inspect encrypted traffic in the campus and WAN without decrypting it. It can help with DDoS and data exfiltration, and help detect insider and supply chain threats using threat intelligence and AI/ML.

The Cisco Secure Network Analytics tool also helps banks meet their regulatory compliance requirements, as compliance is not only a legal obligation but also a crucial aspect of protecting a company’s reputation and its customers. Compliance regulations are set to ensure that financial institutions are operating under safe, secure, and ethical conditions. This is where Cisco Secure Network Analytics can be part of a comprehensive solution to help financial institutions meet their regulatory obligations.

Helping today’s infrastructure counter tomorrow’s threats

As noted earlier, a key benefit of Cisco Secure Network Analytics is its implicit support for the majority of equipment already used. You will be able to take the existing platforms available in branches, data centers, and the WAN, and turn them into a pervasive, enterprise-wide IDS. With this, you can provide extensive visibility wherever the network itself is, without adding more complexity. It even integrates with Cisco Identity Services Engine to quarantine malware as it is detected, by sending a change of authorization to the network.

Across the suite of supported devices there are a number of capabilities Cisco Secure Network Analytics can provide:

  1. Enhanced Visibility and Threat Detection: Cybercriminals go to the banks because that is where the money is. Cisco Secure Network Analytics offers an advanced threat detection system that monitors network traffic, identifies suspicious activities, and helps mitigate threats. This aligns with many regulatory requirements that mandate financial institutions to have robust systems for identifying and mitigating potential security threats.
  2. Data Protection: Protecting customer data is a key regulatory requirement for all financial institutions. Cisco Secure Network Analytics helps safeguard sensitive data by providing insights into who is accessing the network, what data they’re accessing, and whether there are any potential data breaches.
  3. Auditing and Reporting: Regular audits are part of compliance requirements for financial institutions. Cisco Secure Network Analytics simplifies this process by providing detailed network traffic analysis and threat detection reports. These reports can be used to demonstrate to regulators that the institution is actively monitoring and managing network security, and to show which countries or third-party institutions are actively or historically communicating with the network. By supporting the hardware already used, it provides an easy way to audit remote sites without deploying yet another box.
  4. Simplifying Network Segmentation: Regulations often require financial institutions to segregate their networks to limit the potential spread of threats and protect sensitive data. Cisco Secure Network Analytics simplifies network segmentation by providing full visibility into network traffic, allowing for easy identification and isolation of different network segments. Once you have grouped which things should be talking to each other, it is easy to find the exceptions to your policy so they can be updated or remediated.
  5. Compliance with Specific Regulations: Cisco Secure Network Analytics can help financial institutions meet specific regulations such as GDPR, PCI DSS, and the Dodd-Frank Act. It provides the insight to help meet the FFIEC regulations. For example, for GDPR compliance, the platform provides insights into the movement and location of personal data across the network. For PCI DSS, it offers visibility into cardholder data environments (and what is accessing them, to validate the segmentation control), which is critical for demonstrating compliance.

The tool is foundational in providing broad visibility without adding more tools and sprawl. Existing hardware, using licenses that you already own, can be turned into malware detection sensors that extend your ability to sense and detect malware and stop ransomware before it spreads. With the native integration to tie back into Identity Services Engine, it can then quarantine this traffic on the network. It does this with what you own today, to help counter the threats you face tomorrow.

Read more about Cisco Secure Network Analytics or ask your account manager to do a proof of concept, so you can see what you are not seeing today.


William Nellis

Business Transformation Systems Engineer