Application Protection

Protecting SWIFT Application Stacks
Reduce exposed SWIFT attack surfaces and tightly control Alliance component communications
More sophisticated attacks require more granular security controls

In recent years, reports of cyber attacks and fraud utilizing or compromising SWIFT applications have increased significantly. In 2016, the Bangladesh Central Bank and the New York Federal Reserve were involved in a cyber heist that netted $101 million, most of which has not been recovered. An additional $850 million would likely have been stolen if a typo in one of the transactions had not been noticed and questioned. Other attacks on the SWIFT network have since been reported in Vietnam, Ecuador, and Ukraine, though the majority of banks and countries affected by the dozens of breaches being investigated have not been made public.

Attacks on payment systems, including SWIFT, are nothing new. Financial institutions have been combatting fraud and theft since day one, and attackers have kept pace with changing technologies to exploit vulnerabilities wherever they exist.

A few years ago, the strategy of choice for attackers was to compromise a user’s computer and then submit fraudulent financial transactions “as the user.” This drove the prevalence of banking malware and remote access trojans (RATs) that were a primary concern for financial institutions. And although these strategies still exist and are a threat to individuals, businesses, and banks, awareness of these threats has led to better safeguards and a lowered success rate for criminals.

Not ones to back down from a challenge, attackers began shifting their attacks from the user endpoints to the applications and networks that drive the banking systems themselves. As attacks moved “down the stack” to the core application components, inter-component visibility and policy control have become increasingly necessary.

SWIFT recently released its Customer Security Programme, which provides guidance for improving security protections around the SWIFT Alliance Software or any custom applications that interact with the SWIFT network. Although the guidance is a step in the right direction, actually securing a SWIFT application stack can be easier said than done: many components of SWIFT applications are typically legacy physical systems that don’t support newer security software, don’t receive security updates, and often exist in data centers struggling to adapt to new security protocols themselves.

The vArmour Solution

vArmour designed the industry’s first distributed security system built entirely in software to provide granular, Layer 7 security controls across physical, virtual, cloud, and container infrastructures. With an agentless architecture, vArmour enables application owners and operators to embed security functions without impacting the operation of the applications. For SWIFT, this means protecting each component of the application stack individually as well as holistically.

Figure: SWIFT Alliance Software Architecture

vArmour’s microsegmentation capabilities enable the deployment of policies around individual workloads, providing far more granular control than perimeter-based solutions.

Infrastructure Agnostic

Supporting the heterogeneous environments that exist across nearly all organizations, the vArmour DSS (Distributed Security System) can be seamlessly deployed across physical, virtual, cloud, and container infrastructures.

Layer 7 policies

Providing far greater policy controls than basic Layer 4 solutions, the vArmour DSS delivers full Layer 7 policy capabilities so that applications can be secured without the guesswork of implementing security only at Layer 4.

  • Reduce exposed SWIFT attack surfaces by deploying fine-grained Layer 7 microsegmentation around and in between the various components of the Alliance software stack or custom SWIFT integrations
  • Deploy best practice approaches for SWIFT application security including environmental separation, microsegmentation, and Layer 7 policy controls
  • Layer 7 monitoring of all communications ensures workloads continue to operate as expected and any unexpected activity can be investigated easily