A leading stock exchange operates one of the world’s largest securities markets in India. The exchange serves millions of investors and provides a platform for thousands of listed companies. Known for its advanced trading technology, it offers a diverse range of financial products and is home to a widely tracked market index. Its technology subsidiary develops cutting-edge solutions for the financial industry, including trading platforms, risk management, and surveillance systems.

Strengthening Security and Infrastructure with Noventiq

This project marks a pivotal moment in the Indian stock exchange landscape. An initiative by the Government of India, the broker platform has been designed as a critical fallback mechanism to safeguard investor interests. Even in the face of primary exchange failures, the platform ensures uninterrupted trading and allows investors to close open positions, safeguarding them from losing their money.

As a high-stakes initiative involving sensitive customer data and multiple stakeholders, including all major Indian stock exchanges, the project demanded exceptional execution. The technology arm of the leading stock exchange spearheaded this endeavor, entrusting Noventiq with the development and management of this broker platform.

In addition, the stock exchange recognized the imperative to evolve its infrastructure to meet the increasing demands of a dynamic market. This necessitated a highly adaptable and secure infrastructure capable of scaling rapidly to meet customer demands within a fraction of the time.

For this project, there was a strategic need to establish seamless and secure private connections with multiple stock exchanges. Multicast traffic had to be sent over Direct Connect connections to update real-time values of securities parameters and prevent time lags. The application’s functionality needed both unicast and multicast communication types to support varied data transmission requirements.

Implementing robust access mechanisms for both internal employees and external users was another priority. Furthermore, ensuring that instances were protected from malware and inspecting traffic from both the internet and internal networks was essential. Lastly, the SOC team required continuous monitoring of incidents and the overall system health to maintain operational integrity.

In addition to deploying the secure AWS environment, Noventiq has also developed a comprehensive managed security service plan for the exchange’s AWS environment. Our solution prioritizes infrastructure security and reliability through strategic planning and ongoing management.

The security solution revolves around the following key pillars:

  • Noventiq has established a secure and scalable infrastructure using AWS Landing Zone and Control Tower, implementing multiple security guardrails.
  • Centralized identity and access management (IAM) has been ensured through a robust authentication mechanism using a Privileged Access Management (PAM) solution and AWS Directory Services.
  • Access to AWS components has been restricted via role-based policies on the PAM solution, with secure connectivity provided through VPN connections authenticated with external identity sources and multi-factor authentication.
  • Service Control Policies (SCPs) enforce security restrictions, such as requiring encrypted disks and preventing the disabling of necessary logs.
  • To protect against cyber-attacks and web traffic threats, robust perimeter security via multiple third-party firewalls has been implemented.
  • Additionally, a SaaS-based Web Application Firewall has been deployed for protection against DDoS and OWASP Top 10 attacks, utilizing behavior-based and machine learning-driven web traffic inspection.
  • Advanced threat protection has been configured with anti-malware and XDR policies, with agents dynamically deployed on new instances.
  • Continuous monitoring by the Security Operation Center (SOC) has been established, utilizing robust correlation rules and automated malicious activity prevention via Security Orchestration, Automation, and Response (XSOAR) playbooks.
  • Security misconfigurations are being prevented using market-leading SEBI Security Posture Management services, ensuring continuous posture assessment.
  • Furthermore, vulnerability assessments and penetration testing are being conducted regularly to validate infrastructure and application security.

Managed Security Services

In addition to keeping the environment secure, Noventiq is providing ongoing managed security services to ensure the continuous operation and optimization of the exchange’s AWS environment. As mentioned above, continuous 24/7 SOC monitoring is being provided to quickly identify and respond to potential threats, while automated incident response playbooks are being used to address security incidents promptly and effectively. Regular security updates and patch deployments are taken care of by the Noventiq team to maintain the integrity of the infrastructure. The performance of AWS resources is continuously monitored and optimized to ensure high availability and reliability. Additionally, a dedicated SPOC has been provided to address any issues or concerns promptly, ensuring smooth operations.

Benefits for the customer

Enhanced Security

The implemented solution offers several advantages. Centralized and controlled AWS console access, coupled with two layers of authentication and centralized identity management, enhances security and access control. Role-based privileged access management strengthens security by limiting access to authorized personnel only. Application Load Balancer access logs and AWS VPC Flow Logs provide detailed traffic analysis and monitoring, while AWS CloudTrail and AWS Config provide granular visibility into account activity and resource configurations for informed decision-making.

Threat protection has been ensured through measures such as threat inspection and Layer 3 and Layer 7 DDoS protection. Preemptive web attack protection is in place for the AWS infrastructure, and automatic malware protection covers dynamically created instances. Additionally, by employing services like Amazon GuardDuty, AWS Security Hub, and Amazon Inspector, we proactively identify and fix vulnerabilities in the platform infrastructure deployed on AWS, protecting sensitive data.

Data security has been prioritized through encrypting block storage volumes and restricting AWS region usage to Mumbai. This has been done to ensure the protection of sensitive information and reduce risk exposure.

Amazon Route 53, AWS Key Management Service (KMS), AWS Secrets Manager, and AWS Directory Service for EC2 collectively optimize DNS management, encryption, secret storage, and secure access control, contributing to infrastructure resilience.

Operational Excellence with Secure Access

AWS Lambda is being used for serverless automation tasks. SNS and SES streamline notifications and messaging, while Amazon CloudWatch offers real-time monitoring for issue resolution.

AWS Direct Connect establishes a dedicated, high-speed network connection, enhancing data transfer security and reliability between on-premises and cloud environments.

Moreover, secure management access has been ensured via VPN tunnels. This streamlines infrastructure management while preserving security.

Compliance and Governance

Adherence to and compliance with the SEBI-regulated Cloud Adoption Framework (CAF) and AWS best practices, including Landing Zone management and strong password policies, have strengthened the overall security posture. Continuous monitoring through 24/7 SOC surveillance and organizational controls via globally recognized third-party SIEM and XSOAR maintain a high level of security and compliance.

Conclusion

The project has enhanced investor protection, strengthened market resilience, and showcased Noventiq’s capabilities in executing complex, high-stakes IT initiatives. The stock exchange has successfully addressed its challenges, ensuring a secure, scalable, and robust infrastructure to support its essential role in the growth of India’s financial ecosystem.

By delivering a robust failover platform and demonstrating successful collaboration with multiple stakeholders, Noventiq solidified its position as a trusted partner in the financial services industry.