Security

Shielding the CBS

Syndicate Bank is using Fortinet’s UTM appliances to secure its core banking application both at the core of its banking network and at the gateway. By Abhinav Singh

Security is an important concern for a bank as it has to protect customer data at all costs. Syndicate Bank’s core banking solution (FLEXCUBE) links about 1,500 branches across the country. The bank had also kicked off an initiative to bring its non-networked branches into the web of its core banking initiative and therefore securing its network became imperative. This propelled the bank towards adopting an integrated security approach by deploying an Unified Threat Management (UTM) appliance from Fortinet Inc.

Standalone systems didn’t cut it

Prior to going in for an UTM appliance from Fortinet, the bank was using standalone systems from Cisco and others, which were difficult to manage and expensive to maintain. Atul Kumar, Assistant General Manager, IT, Syndicate Bank said, “Being a bank we cannot compromise on security and we had different standalone systems from different vendors both at the edge as well as the core of the network. There were separate firewall, Intrusion Prevention (IPS) and Intrusion Detection (IDS) systems that had been deployed by the bank as part of its security measures. Running different security boxes and having different SLAs for each box was a logistical nightmare to manage. Additionally we had to maintain additional staff to manage the various security boxes and that came at a cost.” The bank was facing the challenge of dealing with multiple annual maintenance contracts, patches (virus signature upgrades), upgrades (versions) and subscription services of standalone security products added to the complexity of managing standalone security devices.

Syndicate Bank’s operations had been burgeoning with the success of its core banking initiative and it found that standalone systems were not sufficient to deal with viruses, Trojans and other emerging threats. The bank wanted to go in for an integrated solution that required low manageability while at the same time it wanted to avoid compromising security of its networks and the core application. At the same time the bank also wanted retain the standalone systems to act as an extra layer of security.

Zeroing in on Fortinet

The bank underwent a through evaluation exercise wherein it evaluated solutions from the likes of Cisco, Check Point and Fortinet before closing in on the latter. Kumar said, “The reason that we chose Fortinet was because there was perfect interoperability in the functions such as IDS, IPS and

anti-virus in Fortinet’s boxes. Additionally due to the blade-like architecture of UTM, it is easier to upgrade the system without facing any issues.” Wipro Infotech, which was the system integrator for the bank’s project, executed it in about six months. The solution has been deployed at the bank’s data center and disaster recovery site. Syndicate Bank has gone ahead with Fortinet’s 5020 series UTM appliance to secure its core banking application. It has used four units of FortiGate-5020 ATCA compliant multi-threat security systems, four units of FortiGate 5001 blades and one unit of FortiManager 400. The bank is using UTM appliances both at the gateway as well as the core of its banking network.

Easier manageability with UTM

The bank found the throughput of the UTM boxes to be good and that there was perfect interoperability between different functions in the UTM box. Moreover it was easy to upgrade and add modules to a UTM box unlike the case with the standalone systems where it was a challenge to add new modules. Four UTM boxes secure the bank’s core banking system at its data center in Mumbai and at its DR site. Kumar explained, “The cost of managing the system is now a third of what it used to be earlier.” However, the bank has not done away with its standalone systems and they have been deployed at less critical zones with the core of the network now being handled by UTM boxes. Syndicate Bank was mainly concerned about the protection of its mission-critical applications and not concerned with RoI. Kumar explained, “Investment in security solutions are never measured in terms of RoI for a bank but maintaining the faith of its customers by securing their transactions and assets was more important.”

In the aftermath of the UTM deployment, the bank has a platform that minimizes administrative effort for deployment, configuration, monitoring and maintenance of the full range of network protection services. The deployment has provided it with an array of essential security applications and services, including firewall, anti-virus, VPN, intrusion prevention, Web content filtering, anti-Spam, Instant Messaging (IM) and Peer-to-Peer (P2P) controls as well as traffic shaping. Fortinet also provides constant update on the latest threats to the bank through its subscription services for the FortiGate series. The integrated solution supports functions such as encryption and compression, something that is quite complicated to implement otherwise. It has been found that the UTM boxes have the capability to do deep packet inspection (look inside e-mail attachments, downloads and the like), thereby shielding a bank’s network and systems from content-level threats and ensuring secure content-level management.

Many security devices apply checks to less than half of the available bandwidth through the appliance. As the amount and types of traffic continues to increase in the enterprise network, these appliances will needed to support higher packet volumes as well as dig deeper into application-level protocols. Kumar said, “Since we are a bank and security is of utmost importance we did not completely do away with the standalone systems and have decided to continue with them but in less critical areas.”

After UTM

After the successful deployment of UTM appliances from Fortinet the Syndicate Bank plans to go a step further with its security initiatives by implementing an identity management solution for its employees, customers and mission-critical applications. The bank is evaluating solutions from IBM, Oracle and CA and plans to go live by March 2008.

abhinav.singh@expressindia.com