55,000 incidents per year, of which hundreds involve attacks on DVB Bank SE’s security perimeter: The number of attacks on the financial sector in general has risen exponentially in recent years. And like its peers, DVB Bank SE, a financial service provider that specializes in international transport finance, is itself a target for countless cyber-attacks.
The advance of the digital transformation is spawning continual changes in network architectures. Faced with this challenge, DVB found that the regulatory landscape too is in a state of constant flux – and had to adapt its security strategy accordingly.
Having long since laid a solid virtual foundation, its journey was manageable. Robert Seidemann, Vice President Engineering & Operating Services at DVB Bank SE, has for many years trusted to the key player in the digital transformation. “As we have realigned our network and security activities, VMware has increasingly become an important strategic partner to our enterprise IT,” he says.
Comparison with conventional (physical) network and security solutions made it clear that the virtual option was not only more attractive, but would also save the bank considerably more time and money.
Seidemann and his team thus decided to deploy VMware Carbon Black Cloud™ Workload, formerly VMware AppDefense™, which provides security for DVB’s applications on the hypervisor level. Instead of merely responding to threats after the event, as in the past, the financial institution was thus able to proactively minimize potential points of attack. Carbon Black models intended application behaviors, identifies abnormal activities and combines application control with reputation appraisal (subject to central management) and extensive automation. The inherent security layer built into VMware gives the bank performance-based security.
Seidemann also tackled the micro-segmentation of the DVB network, which involves separating individual areas of the network from each other and assigning them to different protection classes. In this way, consistent guidelines can be applied to workloads across the data center, hybrid cloud and Edge infrastructure. VMware NSX® thus enabled DVB Bank SE to get away from physical firewall appliances while guaranteeing protection for each individual VM.
“During implementation, VMware’s vRealize® Network was instrumental in helping us automate the analysis of our existing communication both between VMs and with physical systems. We could then identify all necessary connections and create suitable rules before activating the distributed firewall on the VMs. The experience of going ahead with implementation and activation during live operation with no downtime whatsoever was phenomenal,” says a clearly excited Robert Seidemann.
The bottom line
Thanks to Carbon Black and the NSX service-defined firewall, none of the virtualized applications – which means almost all applications – are now left exposed to threats. Customer data and payment transactions are well protected.
“Life changed for our Security Officer too when we introduced Carbon Black,” Seidemann beams. “Instead of spending a week working through all the latest security regulations, he now has time to devote to implementing innovative projects.”