
Achieving Operational Resilience in an Increasingly Uncertain World

NIS2 is Now in Force

The EU’s Network and Information Systems Directive 2 (NIS2) for cybersecurity resilience became applicable in October 2024 (member states had until 17 October 2024 to transpose it into national law), and compliance with its requirements presents major challenges for many companies, particularly those in the financial services sector. While most IT leaders are confident of achieving NIS2 compliance, they also acknowledge that the directive has exacerbated existing challenges such as resource constraints and skills gaps. Adding to this, the Digital Operational Resilience Act (DORA) applies from 17 January 2025. DORA is focused entirely on the financial sector and aims to help organizations build operational resilience into their critical business systems by demanding higher levels of visibility, control, monitoring and reporting.

Both regulations respond to a growing threat landscape. However, even with the most advanced threat detection and prevention technologies in place, no environment can be 100 percent protected. A defender must succeed every single time, while an attacker needs to succeed only once. The aftermath of a successful attack can be devastating, with data breaches, financial loss and reputational damage all contributing to the fallout.

DDoS attack frequency surged in the first half of 2024, with a significant increase in sophisticated application-layer attacks driven by hacktivist activities targeting global networks. Critical infrastructure sectors, including financial services and public utilities, faced a 55 percent increase in multi-vector DDoS attacks over four years, threatening essential services. Financial institutions are under constant threat due to the types of data they hold. Personal data as well as payment and bank account details are the most highly sought-after by cybercrime gangs. Therefore, financial institutions must look at how they build protection into their systems and how they can create more resilience in their critical application systems.

A10 Networks is a trusted provider to the financial industry, with a strong portfolio of solutions designed to smooth the path to regulatory compliance. Building resilience, managing risk and simplifying accurate, real-time reporting are in our DNA. Our portfolio of security solutions, such as SSL/TLS inspection, load balancing, next-generation web application firewalls and DDoS protection, aligns with key regulatory requirements and combines to protect customer data and corporate reputations against malicious disruption and regulatory risk. Below are a few examples of how we do this.

The Importance of Encrypting Sensitive Data

Encrypting sensitive data is essential for keeping it safe in transit and at rest. Indeed, 95 percent of all internet traffic is now encrypted, and a robust encryption strategy is a cornerstone of regulatory compliance. Article 21 of NIS2 lists policies and procedures on the use of cryptography and, where appropriate, encryption among the mandatory cybersecurity risk-management measures, alongside the security and resilience of network and information systems and the protection of personally identifiable information (PII).

However, malicious actors are also leveraging encryption. Almost half of all malware attacks now use encryption to evade detection by security tools and to exfiltrate data. Security tools that cannot see inside TLS cannot inspect that traffic, so encrypted command-and-control channels and data exfiltration sit in an encryption blind spot. This gives organizations a dual challenge: they need an encryption strategy that protects their own data to the required standard, and an inspection capability powerful enough to give full visibility into encrypted threats seeking to bypass security tools.

Financial institutions must implement solutions that decrypt TLS/SSL traffic and allow their full stack of security products to inspect the data. The TLS inspection solution must be capable of handling large and rapidly growing volumes of encrypted traffic so that decryption and inspection do not impact network performance or customer experience. It must also comply with privacy and other regulatory requirements such as PCI DSS and be capable of being tuned to selectively bypass sensitive traffic, for example flows to banking or healthcare sites that must not be decrypted. Because inspection is a deliberate man-in-the-middle, outbound inspection also requires that clients trust the inspection CA, and applications that pin certificates will fail rather than be inspected, so the bypass policy has to account for them. The A10 Thunder SSL Insight solution decrypts traffic into plain text, enabling it to establish who initiated the request, where they are located and what they wish to access. Based on this, the solution directs the data to the appropriate security appliance. Once cleared, A10’s solution re-encrypts the data to the required level and the request continues to its destination.
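The selective-bypass decision described above has to be made before any decryption takes place, and the only reliable per-flow identifier available at that point is the server name (SNI) in the client's TLS ClientHello. The following is an added example, not code from A10 or from the Thunder SSL Insight product: it parses the SNI out of a raw ClientHello record and applies a hypothetical bypass policy. The category names, the placeholder domains (bank.example, payments.example, clinic.example) and the minimal ClientHello builder used as sample input are all constructed for the example; a real deployment would source its categories from a URL-classification feed.

```python
"""SNI-based TLS inspection bypass policy (illustrative example).

Parses the server_name extension from a TLS ClientHello and decides whether
the flow should be decrypted ("inspect") or passed through untouched
("bypass"). Flows that cannot be classified fail closed and are inspected.
"""
import struct

# Hypothetical bypass categories. Domains are placeholders for the example,
# not real classifications.
BYPASS_SUFFIXES = {
    "finance": ("bank.example", "payments.example"),
    "healthcare": ("clinic.example",),
}

SNI_EXTENSION = 0x0000
HOST_NAME = 0


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello record, or None if it has none.

    Raises ValueError for anything that is not a well-formed ClientHello,
    including truncated records, so the caller never acts on partial data.
    """
    try:
        if len(record) < 5 or record[0] != 0x16:
            raise ValueError("not a TLS handshake record")
        rec_len = struct.unpack("!H", record[3:5])[0]
        body = record[5:5 + rec_len]
        if len(body) != rec_len:
            raise ValueError("truncated TLS record")
        if body[0] != 0x01:
            raise ValueError("handshake message is not a ClientHello")
        hs_len = int.from_bytes(body[1:4], "big")
        hello = body[4:4 + hs_len]
        if len(hello) != hs_len:
            raise ValueError("truncated ClientHello")
        pos = 2 + 32                                  # client_version + random
        pos += 1 + hello[pos]                         # session_id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + hello[pos]                         # compression_methods
        if pos == len(hello):
            return None                               # legacy client, no extensions
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        if end > len(hello):
            raise ValueError("truncated extensions block")
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            ext = hello[pos:pos + ext_len]
            pos += ext_len
            if ext_type != SNI_EXTENSION:
                continue
            list_len = struct.unpack("!H", ext[0:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                name_type = ext[p]
                name_len = struct.unpack("!H", ext[p + 1:p + 3])[0]
                name = ext[p + 3:p + 3 + name_len]
                p += 3 + name_len
                if name_type == HOST_NAME:
                    return name.decode("ascii")
        return None
    except (IndexError, struct.error, UnicodeDecodeError) as exc:
        raise ValueError("malformed ClientHello") from exc


def inspection_decision(record: bytes):
    """Return ("bypass", category) or ("inspect", None) for one ClientHello."""
    host = extract_sni(record)
    if host is None:
        return ("inspect", None)      # no name to classify on: fail closed
    host = host.lower().rstrip(".")
    for category, suffixes in BYPASS_SUFFIXES.items():
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return ("bypass", category)
    return ("inspect", None)


def build_client_hello(hostname=None, extensions=True) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello used as sample input (not a capture)."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = bytes([HOST_NAME]) + struct.pack("!H", len(name)) + name
        sni = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", SNI_EXTENSION, len(sni)) + sni
    exts += struct.pack("!HH", 0x0017, 0)             # extended_master_secret, empty
    hello = (b"\x03\x03" + b"\x11" * 32               # version + fixed "random"
             + b"\x00"                                # empty session_id
             + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite
             + b"\x01\x00")                           # null compression only
    if extensions:
        hello += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for name in ("online.bank.example", "cdn.example.net", None):
        print(name, inspection_decision(build_client_hello(name)))
```

Two design points matter in practice: a flow with no SNI (or a record the parser cannot read) is inspected rather than bypassed, so an attacker cannot opt out of inspection by omitting the extension, and the parser refuses truncated records instead of guessing. SNI is client-supplied, so a strict policy also verifies the name against the server certificate once the handshake is visible; that check is outside this example.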

Additionally, network and system monitoring and incident reporting are key focus areas for NIS2 and DORA. NIS2 (Article 23) requires an early warning within 24 hours of becoming aware of a significant incident, an incident notification within 72 hours and a final report within one month, and DORA imposes similarly tiered deadlines for major ICT-related incidents. A10 Thunder ADC delivers centralized network visibility, event monitoring and alerting, enabling security teams to meet these time-dependent reporting requirements.

Ensuring Web Applications are Secure and Always Available

A10’s web application firewalls (WAFs) support NIS2 and DORA compliance by providing the defense financial services companies need to keep their applications secure and available and to maintain operational integrity. However, traditional WAFs are difficult to manage and maintain. They generate large volumes of false positives, putting a heavy burden on security teams, who are forced to spend time chasing non-existent threats and risk missing genuine issues. Thunder ADC with A10 Next Gen WAF, powered by Fastly, resolves these challenges and supports compliance. A10 Next Gen WAF can be deployed to full functionality in hours, and its intuitive user interface and simple rule builders mean little expertise is needed for ongoing management. Its token-based approach to attack detection is more accurate than rules or static signatures and requires very little tuning or maintenance.

Enterprise-ready DDoS Protection

A10 also continues to broaden its cybersecurity portfolio, focusing on expanding capabilities to meet large enterprise requirements for mitigating multi-vector and volumetric DDoS threats. This cloud-based mitigation capability complements existing A10 Defend on-premises DDoS protection by absorbing large volumetric attacks in the cloud, adding protection against attacks that exceed the capacity of internet links or on-premises appliances.

The world is becoming increasingly uncertain, and as risks proliferate, IT leaders in financial institutions must look beyond simply protecting their critical application systems to making them highly available, more robust and resilient. If you are interested in understanding more about how the A10 Networks portfolio of security solutions can help meet compliance requirements such as NIS2 and DORA, download our eBook.