Background: Bolstering Security for a Leading Financial Institution
A prominent Korean financial institution, a major player in its sector, sought to significantly enhance its internal network security infrastructure and strengthen its IT security framework. This initiative was primarily driven by the need to comply with the Financial Supervisory Service’s (FSS) IT Protection Business Best Practices. The institution operates across its headquarters and numerous branch offices, managing a network of thousands of nodes.
Meeting Strict Regulatory & Operational Demands
The firm faced specific challenges in securing its distributed environment:
- Unauthorized Access Control: Preventing unapproved access to the internal network.
- Evolving Endpoint Security: Establishing a robust security diagnostic system for a continuously changing landscape of user operating systems.
- Infrastructure Improvement: The overarching goal was to improve the entire internal network security infrastructure.
Given that all branch traffic routed through the headquarters’ backbone, the institution required a solution that could effectively utilize the Mirror function of the headquarters’ backbone switch. Additionally, operating within an Active Directory (AD) environment, seamless AD integration was crucial, along with the ability to share AD-acquired information with other security solutions.
Solution: Genians NAC Delivers Integrated Network Control
The institution selected Genians NAC, which precisely met their stringent requirements for mirror functionality, Active Directory integration, and information sharing with other security products. The implementation focused on deploying and enforcing comprehensive NAC policies across their extensive network.
Key aspects of the Genians NAC deployment and policy enforcement included:
- Centralized IP Management: Real-time IP detection and proactive blocking of unauthorized devices across the headquarters and all branch offices.
- Unified User Authentication: Seamless integration with Active Directory to centralize user authentication.
- Mandatory Software Enforcement: Ensuring the mandatory installation of the institution’s internal essential programs on endpoints.
- Diverse Endpoint Security Management: Comprehensive security management for various user devices, including enforcing screen savers, operating system account passwords, shared folder policies, and security updates.
- Unauthorized Network Use Control: Preventing non-compliant devices or PCs from accessing the network.
- SSO Integration: Establishing Single Sign-On (SSO) authentication linkage between Genians NAC and multiple existing security products for a unified security experience.
The solution leveraged the headquarters’ backbone switch’s Mirror function, allowing Genians to gain visibility and enforce policies without disrupting the existing network architecture.
Summary: Enhanced Visibility, Streamlined Compliance, and Strengthened Security
By deploying Genian NAC, the financial institution successfully achieved enhanced visibility of its scattered IT assets across numerous branches, leading to automated management of all IT resources.
Optimized Security Infrastructure for Consistent Protection
The implementation of SSO through Genians NAC consolidated authentication processes for various individual security solutions. This significantly strengthened endpoint security through essential software installation, antivirus status checks, and Windows patch verification. The institution also gained robust control over unauthorized network usage by non-compliant devices or PCs. Ultimately, Genians NAC secured the stability and efficiency of their network infrastructure, enabling the operation of a consistent and integrated security policy framework. This comprehensive approach ensured adherence to stringent financial regulations and bolstered their overall cybersecurity posture.