Securing Legacy IT Systems from Modern Application Threats in the Financial Sector

The rhetoric surrounding mainframes and their uses in modern enterprises tends to be largely negative. Mainframes are seen by many as outdated legacy IT systems that are, or will be, obsolete in the near future as businesses increasingly move to the cloud.

However, these notions are one-sided. The reality is that mainframe computing remains alive and well within many infrastructure-critical industries, including some of the largest organizations in the world. It’s reported that 71 percent of Fortune 500 companies still run much of their core business on a mainframe. And for a number of reasons, reliance on these “legacy” IT systems remains particularly strong in the financial services sector, with 92 percent of the top 100 banks continuing to use mainframe computing.

Why Financial Services Firms Rely on Legacy IT Systems

The primary reason mainframes remain a critical part of financial enterprise data centers is due to the considerable processing power they possess.74 percent of IT professionals say the use of mainframe computing is very important for large-scale transaction processing on mission-critical applications. This is important because banks need to be able to process high volumes of transactions quickly and accurately tin order o track and report on the movement of often highly volatile financial accounts. Additionally, mainframes perform analytics on marketplace and user trends, provide mobile and cloud support, and monitor for signs of fraudulent activity.

As consumers increasingly perform financial transactions such as deposits, and transfers from their mobile devices, the processing power, terabytes of RAM, and limited downtime provided by mainframes are necessary to properly execute and store the high volume of requests and data received.

Security and compliance are also key factors contributing to the continuing use of mainframes in financial services. These machines have long been considered impregnable data storage centers because of how isolated they have traditionally been from outside threats, as they historically were not exposed to external traffic. This isolation has also been beneficial for compliance – especially PCI compliance – as data has been stored in one isolated location within the protected network.

However, this is beginning to change as mobile web applications and IoT functionality become increasingly necessary to competitive consumer offerings from banks and other financial institutions. Digital transformation, mobile device use, and the IoT have given way to the connected mainframe. This includes mainframes integrated with mobile applications, APIs, and other modifiers to give consumers increased access to their data. Moving forward, as applications continue to gain increased access to mainframes and their data, financial services firms will have to incorporate further security measures at the application layer in order to ensure that vulnerabilities exploited by internet and application-based attacks are mitigated. 

Mainframe Data Security Threats

Today, there are a couple of core cyber threats that use applications as their attack vector to gain network and data center access.

• Application DDoS attacks: Distributed denial of service (DDoS) attacks have traditionally occurred at the network layer. These attacks pose as legitimate application traffic, but can leverage a few megabits of packets to do as much harm as an attack requiring hundreds of gigabytes. DDoS attacks are also easily scaled using compromised IoT devices formed into botnets.
• Vulnerable applications: It is impossible to write perfectly secure code; therefore, it’s impossible to know whether all applications operating within your system are secure. Vulnerable code and the zero-day exploits that exploit them are top attack vectors for cybercriminals. Exploiting application vulnerabilities with common attacks such as cross-site scripting and SQL injections provide cybercriminals with easy access to data stored on mainframes or elsewhere in the data center.

Ensuring Data Center Security in Financial Services Firms

Financial services firms have to implement security controls that go beyond the signature-based detection of firewalls to protect themselves from advanced persistent threats at the application layer and beyond, while securing confidential business and consumer information stored on mainframes. These security controls include web application firewalls, DDoS attack mitigation appliances, and encryption with advanced application delivery controllers (ADCs). Fortinet offers comprehensive Application Security to ensure data center and mainframe protection from internet-based attacks at the application layer as well as from advanced threats that utilize multi-vector attacks and advanced detection evasion techniques.

Protecting the Data Center at the Application Layer

• Web Application Firewalls (WAFs) go beyond traditional signature detection to deeply inspect every application in your data center to determine what normal application behavior looks like. From this baseline, the WAF is able to identify unusual application behaviors, such as DDoS attacks, cross-site scripting, SQL injection, and more to determine when an attack is occurring and what steps need to be taken to stop it.
• FortiDDoS protects against bulk volumetric attacks, as well as smaller, more difficult to detect layer seven application attacks. Application layer attacks can use small traffic volumes to appear completely normal to most traditional DDoS detection methods, making them much harder to detect than other types of DDoS attacks. FortiDDoS not only detects these attacks but then uses sophisticated filtering to remove network and application layer DDoS attacks while still allowing legitimate traffic to continue through.
• Today’s users and consumers demand a highly responsive mobile experience, and are not patient when applications do not respond immediately. However, with the bulk of mobile traffic now encrypted using SSL, which requires additional processing power, many network devices struggle to keep up with demand. Application delivery controllers (ADCs) absorb SSL traffic from the servers, resulting in reduced response rates for end users, allowing organizations to scale secure applications up to 100 times. 

Each of these components of Fortinet’s Application Protection suite can be fully integrated into the Fortinet Security Fabric to provide end-to-end protection across your applications and network. With the Security Fabric in place, these application layer security controls share security updates with each other in real-time while receiving the latest threat intelligence from FortiGuard Labs to provide effective protection against the newest application layer attacks and advanced persistent threats. In addition, integration within the Security Fabric provides actionable insights through automated tools, single pane of glass management, and simplified scalability.

Final Thoughts

Mainframes have proven themselves to be a critical technology for financial services organizations due to their unparalleled processing power, and for the time being, they are here to stay. However, as networks continue to evolve though their digital transformation efforts, these platforms are becoming increasingly connected, meaning they are no longer isolated from internet-based attacks. As a result, threats that were once common only for traditional web applications are now becoming common for mainframes and data centers as well.

In order to continue to evolve technology to meet consumer demands while also maintaining data security and compliance, financial services firms need to adopt robust application security in order to protect valuable data stored on their connected mainframes.