In the past decade, governments and financial institutions have become increasingly targeted by criminal organizations and nation state operators who seek to extort and disrupt key societal functions (see examples from countries Martinique, Tonga, and Vanuatu, and public healthcare system UK National Health Service). Individual organizations have been exploited for financial gain and entire banking sectors have been disrupted for political or financial purposes (see examples from countries Ukraine and Taiwan, and cyber espionage group Fancy Bear). Ransomware is a key focus of regulatory bodies in adapting to the new environments, and with this, the cybersecurity regulations and guidance are being updated to adjust to the new threat landscape.

The cybersecurity resource guide was released in 2018 to assist financial institutions with sourcing best practices and third party resources for helping mitigate their exposure to cybercrime, and manage responses. This guide was updated in 2022, with the main expansion being a focus on new resources for controls and guidance around managing ransomware.

The FFIEC’s guidance to use the CISA (Cybersecurity and Infrastructure Security Agency) resources leverages their best practices as the nation’s cyber defense agency. As part of a holistic ransomware and threat defense CISA leverages PDNS as a core capability.

“Due to the centrality of DNS for cybersecurity, the Department of Defense (DoD) included DNS filtering as a requirement in its Cybersecurity Maturity Model Certification (CMMC) standard (SC.3.192). A core capability of PDNS is the ability to categorize domain names based on threat intelligence.”

One of the industry leaders in the CISA guide to ‘selecting a protective DNS service’ is Cisco Umbrella. What was once called OpenDNS is now part of Cisco Umbrella, and is a key part of a holistic security approach to defend against ransomware disrupting financial institutions. Through blocking the reach-back it can disrupt the attack chains attempt to download the ransomware package, as well as disrupt the command and control. This can help prevent malicious links from being unintentionally used by trusted insiders, and help control impacts to social engineering attacks.

Cisco Umbrella has a number of capabilities to help financial institutions meet their FFIEC (and other regulatory) requirements. These include:

  • DNS-layer Security: Cisco Umbrella provides a cloud-delivered security service that blocks malicious domains and IPs at the DNS (Domain Name System) layer. This helps prevent users from accessing phishing websites, malware-infected sites, or command and control infrastructure used by cybercriminals. By implementing DNS-layer security, a financial institution can significantly reduce the risk of data breaches and unauthorized access.
  • Secure Web Gateway: Cisco Umbrella acts as a secure web gateway by inspecting and filtering web traffic for potential threats. It can enforce granular policies to control access to specific websites or categories of websites, ensuring compliance with FFIEC guidelines regarding appropriate web usage within the financial institution’s network.
  • Threat Intelligence: Cisco Umbrella leverages threat intelligence from a vast global network, analyzing billions of internet requests and identifying emerging threats in real-time. By continuously monitoring and updating its threat intelligence, Cisco Umbrella can provide proactive protection against new and evolving threats, enhancing a financial institution’s cybersecurity posture and compliance with FFIEC requirements.
  • Cloud Application Control: Cisco Umbrella enables financial institutions to gain visibility and control over cloud applications used within their network. By enforcing policies that govern the use of cloud services, financial institutions can ensure compliance with FFIEC requirements related to data protection, privacy, and vendor management.
  • Reporting and Analytics: Cisco Umbrella provides detailed reporting and analytics capabilities, allowing financial institutions to monitor and analyze their network traffic, security events, and user behavior. This helps financial institutions meet FFIEC requirements related to audit trails, incident response, and monitoring of security events.

Cisco Umbrella fits in with the extensive Cisco security portfolio to help financial institutions protect themselves, protect their customers (and their data), and meet the regulatory requirements in doing so. Through managing the DNS vector as part of a comprehensive ransomware posture, Cisco is helping protect financial institutions.


William Nellis

Business Transformation Systems Engineer