Banking and Financial Services

Top Bank Complies with EU’s DORA

After implementing MazeBolt RADAR™, a global, European bank was able to meet the compliance requirements for the DORA and EBA regulations.

The Challenge

A large, European bank was looking for a DDoS vulnerability testing and validation solution that could help them meet the Digital Operational Resilience Act (DORA) and European Banking Authority (EBA) compliance requirements. It was crucial for them to ensure the business continuity of their online and mobile banking services, which serve as their main channel for all customer-related services. 

Key Takeaways

Customer Challenges

  • Meet DORA and EBA compliance requirements  
  • Ensure business continuity of online and mobile banking services 

Our Impact

  • Improving automated DDoS protection by up to 2X 
  • No downtime for any critical online services 
  • Access to the necessary data and reporting for DORA compliance 
  • Time savings for the SOC and IR teams 
  • Reduced cyber insurance costs 

Our Solution

MazeBolt RADAR was quickly deployed in parallel with the bank’s existing DDoS protection solution, so that it could deliver continuous visibility of DDoS vulnerabilities across all online services.

Even when different DDoS protection services were deployed by different branches, RADAR was able to clearly identify vulnerabilities, allowing the protection vendors to quickly remediate the high-risk vulnerabilities and re-test them to validate that each fix was performed properly.

This entire process had no impact on ongoing operations. In addition, RADAR delivered prioritized reports to multiple teams across the bank’s many locations. Overall exposure to DDoS attacks that bypass protection layers, mostly related to layers 3, 4, and 7, as well as SSL DDoS attack vectors, was reduced from an initial vulnerability of 43% to under 4%.

Understand Your DDoS Risk

[Figure: three-stage view of DDoS protection status. Without RADAR: no DDoS visibility. RADAR deployed: initial protection status when first starting. DDoS protection with MazeBolt RADAR: continuous simulations, protection enabled by RADAR.]

Customer Benefits

MazeBolt RADAR exceeded all the requirements defined by the customer: 

Customer Requirement: Preliminary analysis, in the context of anti-DDoS tests, to identify the functionality and limits of the services and tools used in the simulation of DDoS attacks.
MazeBolt Solution: MazeBolt conducted a preliminary DDoS simulation of 10% of the customer’s attack surface. This initial test identified significant vulnerabilities in all of the customer’s DDoS protection layers. Based on the preliminary results, it was decided to expand the simulation to all critical services.

Customer Requirement: Definition and formalization of DDoS Vulnerability Management activities, to guarantee that anti-DDoS tests are carried out both now and in the coming years, as per the regulations.
MazeBolt Solution: The MazeBolt methodology provides the customer with an ongoing testing and simulation service that operates continuously, with no disruption. The service runs automatically, based on an agreed plan, to ensure tests are carried out now and in the future.

Customer Requirement: Replication of the range of types of malicious traffic perpetrated by known threat actors operating in the financial sector, such as Killnet, NoName057(16), Anonymous Sudan, and Mysterious Team Bangladesh.
MazeBolt Solution: MazeBolt provides coverage of over 150 DDoS attack vectors from layers 3, 4 and 7. Our research team adds new attack vectors (AVs) on a quarterly basis, based on the threats seen in the wild and used by known threat actors.

Customer Requirement: Verification of how the combination of different multi-layered defense mechanisms works together to mitigate DDoS attacks.
MazeBolt Solution: MazeBolt’s product architecture is designed to analyze hybrid, multi-layered DDoS mitigation solutions in parallel. For example, when tested against a specific AV, the result covered the vulnerability analysis of each layer: CDN, scrubbing centers, on-premises defense, WAF, etc.

Customer Requirement: Development of a detailed plan for executing anti-DDoS testing activities, including a risk assessment of the execution.
MazeBolt Solution: MazeBolt follows the Gartner CTEM framework, which includes mapping the attack surface, testing continuously, prioritization, remediation and validation. RADAR’s continuous workflow and validation reduce the risk of partial execution.

Customer Requirement: Identifying the team and the specific individuals who are responsible for the anti-DDoS testing process (as part of the planning phase).
MazeBolt Solution: MazeBolt assigned a Solution Architect and a Technical Account Manager who worked directly with the customer, as well as with the teams from the mitigation vendors. Together, they built a RADAR DDoS program that defined ongoing testing, remediation, and validation activities.

Customer Requirement: Risk mitigation measures aimed at reducing possible impacts caused by the execution of the test must be defined (as part of the planning phase).
MazeBolt Solution: MazeBolt’s RADAR is an enterprise-grade, patented, non-disruptive DDoS testing and simulation solution. It runs DDoS simulations with no interruption to business continuity, i.e., with no maintenance windows and zero downtime.

Customer Requirement: Asset owners must be involved in selecting a date and time for executing the test.
MazeBolt Solution: MazeBolt customers can run RADAR continuously. RADAR includes an automated scheduler where customers define when to run the simulations. A date and time stamp appears on all results produced by RADAR.

Customer Requirement: Definition of the scenarios that should be tested and the malicious traffic techniques that should be replicated.
MazeBolt Solution: MazeBolt’s knowledgebase covers all known attack vectors (over 150). The exact rate of testing is customized after a system functional test in the customer’s production environment. See: https://kb.mazebolt.com
Tests must include at least:
1. A volumetric DDoS attack aimed at the network infrastructure
2. A targeted attack on the Internet Banking production perimeter
Volumetric testing of the network infrastructure can be scheduled at regular intervals and is mainly aimed at testing the response teams (and not necessarily the protection equipment).
Tests are conducted in a production environment using volumes that trigger DDoS protection mechanisms, while remaining non-disruptive. Test results are the only accurate way to identify all vulnerabilities across all public-facing IPs.

Customer Requirement: Development of a remediation plan that is shared with the ICT Governance and Security Governance functions.
MazeBolt Solution: MazeBolt’s remediation report is an integral part of the RADAR solution. Vulnerabilities found in the protection solutions can be fixed and validated in every testing cycle.

Customer Requirement: Production of a report that contains:
1. All evidence regarding the identification and mitigation of cyber events
2. Details of the approach that was followed
3. Findings and observations
4. Advice recommending areas for improvement in terms of technological, policy and procedural controls
MazeBolt Solution: MazeBolt’s RADAR Vendor Report is used by the customer and the mitigation vendors. It includes detailed findings of all protected and vulnerable targets, along with a detailed scope of any additional environments, targets, and systems that should be covered.

Customer Requirement: Drafting of a final report (executive summary) that reports the main findings of the test, to be shared with the CIO and CISO.
MazeBolt Solution: MazeBolt’s RADAR Executive Report is generated to cover the main findings, progress, and recommendations. These reports are presented to senior management and, in some cases, are shared with board members.

Customer Requirement: Integration of specific vulnerabilities identified during test execution into the tracking platform, and their assignment to an owner for resolution.
MazeBolt Solution: MazeBolt RADAR includes SIEM integration via Syslog and can send all or filtered results to the integrated system.