The financial network protection action is timely, Ruijie helps large state-owned banks find the correct way to conduct "physical examinations"!

With the continuous improvement of informatization construction and the rapid development of technologies such as big data, the Internet of Things, and cloud computing, the importance of network security has become increasingly prominent, and the tentacles of cyber attacks have also extended from general enterprises to some key areas of the country. Therefore, regular network protection work has become a necessary defense measure for the financial industry. Through the form of attack and defense drills, it turns passivity into initiative, improves the overall network security protection capabilities of the financial industry, and better protects information security. In March 2021, the financial industry network protection action was fully launched. Ruijie Networks was the first to receive network protection needs from two large state-owned bank customers . This action focused on the stable operation of the network. After a preliminary evaluation by the service team, it was found that this time's network protection work was more challenging than in the past:

[[437296]]

Challenge 1

In addition to their headquarters, the two banks also have many branches across the country. The large number and different situations in different places make the network protection work more arduous and difficult, requiring a large amount of manpower, energy and time to complete.

Challenge 2

In addition to its office network, one of the banks has also deployed guest Wi-Fi in more than 30 outlets across the country, which is mainly used to provide Internet access and financial services to the public. It is more vulnerable to attacks and has a higher level of protection.

Challenge 3

Banks use a variety of software systems, which are more likely to be attacked. The need to ensure the orderly development of business and prevent attacks has undoubtedly increased the difficulty of this network protection work.

Based on this, Ruijie Financial Services Team immediately formed a special network protection team within the company. The team has 13 members, covering multiple front-line and second-line departments. They are from switching, router, wireless and other product departments and financial services teams, as well as members of the quality department and security service team. In order to ensure the smooth implementation of this action, all departments worked closely together and divided the network protection work into three stages .

Prevention is better than cure: Safety prediction

Early security prediction is the most critical action. Without a clear analysis of the current situation, it is difficult to provide guidance for subsequent security reinforcement and other work. This stage of the project alone lasted nearly half a month.

Led by security product representatives, a special task force will coordinate and first classify the current network vulnerabilities of the two banks as high-risk/low-risk, thereby determining the corresponding processing time and forming a preliminary processing model for financial industry security services.

At the same time, the special team did a lot of preliminary analysis work. Since the products used by the customer involved multiple product lines within Ruijie, they not only conducted penetration checks on the product’s own vulnerabilities and risks, but also went to the customer’s site to investigate the current network situation and understand the network architecture of the two banks’ business scenarios, including the overall solution, the number of equipment models used, the distribution of equipment... and then conducted a comprehensive analysis based on the business and traffic of the entire network to output a comprehensive security prediction.

[[437297]]

Ruijie Network Protection Special Team organizes preliminary meetings at the customer site

In view of the special circumstances of the two banks, the project also made targeted treatments: risk identification was carried out for the wireless product vulnerabilities, existing network architecture, and operation and maintenance management of the head office of one of the banks, and the hidden dangers of the products that have been shortlisted for the bank and its application scenarios in each branch were analyzed. A total of 20 problems were identified, optimized, and reinforced, and 9 historical product vulnerabilities were repaired ; for another bank customer, the focus was on security identification of external guest wireless networks, reinforcement identification of the core backbone system at the head office, and the hidden dangers of terminal products at more than 30 branches across the country were collected to prevent external hidden attack risks. A total of 30 compliance inspections were issued to reinforce guidance, and 16 historical product vulnerabilities were repaired . It is worth mentioning that no problems occurred during the 14-day network protection process .

On-site support and safety reinforcement

According to the prediction results, Ruijie's network protection team tailored a reinforcement plan for the two customers, and the plan can only be implemented through professional application. To this end, Ruijie sent a dedicated service manager to the headquarters of the two banks and the provincial branches of one of the banks to apply and guide security reinforcement to ensure the smooth implementation of security reinforcement . At the same time, the special team output documents such as "Product Security Configuration Baseline" and "Product Baseline Version Vulnerability Correction Guide" as professional guidance and suggestions for each branch.

[[437298]]

On-site testing after customer site security reinforcement

Comprehensive containment and safe disposal

The key to security handling is "speed": quick handling of product safety risks, rapid recovery of key equipment... Ruijie Financial Network Protection Special Team took quick action to fix more than 5 0-day vulnerabilities , responded to customer emergencies and handled more than 20 vulnerabilities . At the same time, it iterated the system version for repair more than 8 times in the systemic emergency of one of the banks, accounting for 60% of the system iterations and launches throughout the year.

In this network protection operation, Ruijie Networks adhered to the customer-centric service concept and ensured customers' network security with its proactive response attitude, agile execution and professional service level. It output more than 30 documents on security self-inspection, self-inspection vulnerability repair, special response, etc. to facilitate customers' future security precautions. At the same time, it participated in the formulation of network security standards, making security defense a normal practice and winning unanimous praise from customers.

In order to plan ahead and prepare for the future, Ruijie Networks will continue to refine and optimize its service model to ensure stable network operation for more financial customers!