Unpatched VPNs Present Existential Risk

Recently, Finastra was hit with ransomware attacks and was forced to shut down a number of its products and services over the weekend. According to initial reports, the attacks may have been facilitated by the use of unpatched VPNs with known vulnerability issues.

While Finastra has not released the full details and scope of the breach, they have notified customers that they were forced to take a number of their servers offline to neutralize the threat.

The news of a firm as large and well-respected as Finastra falling prey to an attack like this should have many providers thinking about their own security posture. Do we have unpatched VPNs? Do nefarious actors have the ability to move laterally once inside our perimeter-based security? Can we globally monitor all connections in real time to know the moment anomalous activity is occurring?

Finastra’s troubles highlight the importance of updating the legacy network architectures many fintech providers are built upon.

As the connectivity solution connecting fintech applications to financial services institutions, Trustgrid has built a platform that is designed for maximum security and compliance. From the beginning, security and compliance have been treated as first class citizens and are baked into every element of the Trustgrid Data Mesh Platform.

Let’s look at a few of the most important features:

Automated Patching and Updating. Unlike VPN connections, all Trustgrid-enabled connections between fintech applications and FIs can be patched simultaneously during scheduled maintenance windows. This ensures that all connections are continuously compliant and have the latest security patches without the time-consuming burden of patching each connection individually.

Zero Trust. An inherent block is placed on all traffic that does not originate from a known application or data source. Certificate-based authentication ensures that each resource is known and trusted. This can limit the blast radius of a breach by eliminating the ability for bad actors to spread laterally if a single resource is compromised.

Role-Based Access Controls. Access to the network control plane is locked down by user. Users' permissions can be granularly defined to allow least-privilege access based on a user's role. All user activity is logged and audited.

Centralized Logging. All network access and change events are logged in the Trustgrid portal. These logs can be searched from within the portal or shared with third-party security tools for deeper real-time inspection via API.

Centralized Monitoring and Alerting. Through the Trustgrid Management Portal, traffic flows and the status of all connections can be monitored. Thresholds can be set to alert administrators to anomalous traffic activity. Should something fall outside the pre-defined thresholds, alerts can be sent via Slack, Teams, PagerDuty or SMS.
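To make the threshold-based alerting described above concrete, here is an added example (not Trustgrid's code, and not tied to its portal or API) of the detection logic a security team could run over per-connection traffic counters. The log format, the connection ids, the byte counts and the baselines are all constructed for the example; the alert "delivery" step is a stand-in that only formats messages.

```python
"""Threshold-based anomaly alerting over per-connection traffic counters.

Added example, not Trustgrid's code. Assumes traffic counters are
available as log lines of the form '<ISO timestamp> <connection id> <bytes>'
and that a baseline bytes-per-interval figure exists for each known
connection. Both the log and the baselines below are constructed.
"""
from collections import defaultdict

# Constructed sample log: one line per connection per one-minute interval.
# conn-bank-b jumps far above its baseline from 10:01; conn-unknown is a
# source that has no baseline at all (i.e. was never onboarded).
SAMPLE_LOG = """\
2024-01-01T10:00:00Z conn-bank-a 1200
2024-01-01T10:00:00Z conn-bank-b 900
2024-01-01T10:01:00Z conn-bank-a 1300
2024-01-01T10:01:00Z conn-bank-b 48000
2024-01-01T10:02:00Z conn-bank-a 1250
2024-01-01T10:02:00Z conn-bank-b 52000
2024-01-01T10:02:00Z conn-unknown 10
"""

# Constructed baselines: expected bytes per interval for each known connection.
BASELINE = {"conn-bank-a": 1200, "conn-bank-b": 1000}


def parse_log(text):
    """Parse log lines into (timestamp, connection_id, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, conn, nbytes = line.split()
        events.append((ts, conn, int(nbytes)))
    return events


def evaluate(events, baseline, multiplier=5.0):
    """Apply two rules to each event and return the raw alerts.

    volume_threshold   - bytes exceed multiplier x the connection's baseline
    unknown_connection - the connection id has no baseline, i.e. traffic from
                         a source that was never registered (the kind of flow
                         a deny-by-default policy is meant to block)
    """
    alerts = []
    for ts, conn, nbytes in events:
        if conn not in baseline:
            alerts.append({"time": ts, "connection": conn,
                           "rule": "unknown_connection", "bytes": nbytes})
        elif nbytes > multiplier * baseline[conn]:
            alerts.append({"time": ts, "connection": conn,
                           "rule": "volume_threshold", "bytes": nbytes,
                           "threshold": multiplier * baseline[conn]})
    return alerts


def summarize(alerts):
    """Collapse repeated hits for the same (connection, rule) into one entry.

    Without this, a sustained breach pages the on-call once per interval;
    with it, they get one alert carrying the first time seen, the hit count
    and the peak volume.
    """
    summary = defaultdict(lambda: {"first_seen": None, "count": 0, "max_bytes": 0})
    for a in alerts:
        key = (a["connection"], a["rule"])
        entry = summary[key]
        if entry["first_seen"] is None:
            entry["first_seen"] = a["time"]
        entry["count"] += 1
        entry["max_bytes"] = max(entry["max_bytes"], a["bytes"])
    return dict(summary)


def format_alerts(summary):
    """Stand-in for Slack/Teams/PagerDuty/SMS delivery: return message strings."""
    return [f"[{rule}] {conn} first_seen={e['first_seen']} "
            f"hits={e['count']} peak_bytes={e['max_bytes']}"
            for (conn, rule), e in sorted(summary.items())]


if __name__ == "__main__":
    raw = evaluate(parse_log(SAMPLE_LOG), BASELINE)
    for msg in format_alerts(summarize(raw)):
        print(msg)
```

The multiplier is deliberately a parameter: a fixed "5x baseline" rule is easy to reason about for a batch-style integration, while a portal that sees flows in real time would more likely maintain the baseline as a rolling average per connection. The unknown-connection rule is the detection-side complement of the deny-by-default policy described under Zero Trust; seeing such a flow in the logs at all is itself worth an alert.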

Remote On/Off Switch. Should a breach ever occur, individual connections can be easily disabled and re-enabled without being connected to the network. All network and policy settings are stored so that traffic can be instantly reinstated once the threat has been mitigated.

As threats have become more sophisticated, connectivity solutions must keep pace. Unpatched VPNs, perimeter-based security and limited access controls not only put your application and reputation at risk, but can mean downtime for your customers should the worst occur.

Managing legacy networking infrastructure and wondering if there is a better approach?

Learn more by reading our white paper: Connecting Applications to Community Banks and Credit Unions