A prominent financial advisory institution, a subsidiary of a major bank, is recognized for its extensive suite of financial services, including investment banking, merchant banking, institutional and equity research, institutional sales, and portfolio investment advisory. With a large and diverse clientele relying on its platform for trading across multiple Indian exchanges, the firm is a leading player in the financial advisory landscape.

Overcoming Scalability and Security Constraints with AWS and Noventiq

As the financial services customer expanded operations, their existing infrastructure needed to be strengthened to keep up with the growing demand. Scalability and effective resource allocation became critical imperatives. Moreover, stringent security and compliance requirements necessitated a robust cloud and security framework capable of addressing operational challenges and meeting compliance obligations.

Identifying the need to establish a secure framework and manage it on an ongoing basis, the customer partnered with Noventiq, trusting our proven expertise in the financial sector. Our successful implementation of complex security solutions for India’s leading stock exchange solidified our reputation as a trusted advisor.

Recognizing the capacity limitations of on-premises infrastructure and the need for quick turnaround time, security, and scalability, Noventiq strategically guided the company toward adopting the AWS cloud platform. The trading application was deployed on the AWS Cloud, aligning with the industry-standard cloud and security framework set by the Securities and Exchange Board of India (SEBI). By utilizing managed security services from Noventiq, the firm further strengthened its security posture.

Our approach for the security services aligned with the client’s needs for a comprehensive solution, which included a thorough evaluation, strategic planning, and the implementation of key enhancements to ensure security of the infrastructure.

These specifications revolve around the following key aspects:

  • To follow AWS best practices, the AWS Landing Zone architecture is designed to enforce separation of duties by creating distinct organizational units and accounts for core AWS services and applications. This structure is automated using AWS Control Tower, enabling customers to adhere to AWS security best practices, implement Amazon Guardrails, and apply stringent organization-wide controls.
  • The security architecture is built from various AWS-native and third-party security solutions, selected to provide enhanced infrastructure visibility, compliance management, DDoS protection, web application and API security, URL filtering, centralized access control, traffic inspection, and stringent identity and access management (IAM).
  • IAM is centralized with the CyberArk Privileged Access Management solution, enhancing security and reducing the risk of unauthorized access.
  • A secure and redundant connection to on-premises infrastructure is established through AWS Direct Connect.
  • Data is encrypted both at rest and in transit by using an AWS service.
  • Security solutions such as Palo Alto and Fortinet firewalls are deployed across multiple availability zones. These solutions provide comprehensive protection with Intrusion Prevention System, antivirus, anti-bot, and URL filtering.
  • Indusface Web application firewalls, utilizing both signature and behavior-based detection, protect web applications from DDoS attacks and other internet-borne threats.
  • All internal traffic and all traffic from on-premises to AWS is subject to rigorous inspection by dedicated firewalls.
  • Noventiq has integrated the AWS setup with the client’s Security Operations Center (SOC) to proactively identify security vulnerabilities. Our team implements security controls for the client based on the findings, leading to a strengthened security posture.
  • Advanced Zscaler Smokescreen deception techniques have been deployed to proactively identify malicious activities.
  • We have implemented an AWS DRS-based DR solution to enhance application availability and resiliency by securely replicating data from Mumbai to Hyderabad. This enables quick recovery in case of a disaster, with an RTO of 2 hours and RPO of 30 minutes. To ensure uninterrupted access to on-premises exchange data, we have established separate Direct Connect lines with failover at the DR site.
  • To further fortify the DR environment, we have deployed a separate perimeter Palo Alto firewall and an internal Fortinet firewall to inspect external internet-bound traffic and internal traffic between the web and application layers. Security group configurations are replicated from the primary site to maintain consistent protection.

Enhanced Security Posture through Noventiq’s Managed Security Services

To fortify the security stance and address challenges in a timely manner, a comprehensive managed services approach has been implemented. We have established robust governance and tracking mechanisms, ensuring vigilant oversight and effective incident management.

The strategic implementation and ongoing management of AWS-native security services has further fortified the client’s security posture. IAM provides granular access control and manages permissions for authentication and authorization purposes. Amazon CloudWatch, CloudTrail, and VPC Flow Logs are being used for real-time monitoring and comprehensive visibility for traffic analysis and incident detection. AWS Config ensures configuration compliance of AWS resources, while AWS KMS and AWS Secrets Manager safeguard sensitive data with encryption and secrets management. AWS Lambda’s serverless capabilities automate tasks, enhancing efficiency. Moreover, Security Groups enforce granular traffic control.

Continuous monitoring and management of security infrastructure by Noventiq has facilitated swift detection and resolution of potential threats. Our rapid incident response capabilities have minimized disruptions and maintained operational continuity. Proactive security measures, including regular updates, vulnerability assessments, and patching, have been executed to safeguard the environment.

Regular DR drills are conducted as a part of managed services to validate the plan’s effectiveness. These exercises employ either non-disruptive recovery or failover-failback methods to identify potential weaknesses and refine our response procedures.

By integrating with advanced monitoring services, we provide centralized visibility and timely alerts, enabling proactive security posture management and adherence to industry best practices.

This strategic partnership has resulted in a resilient cloud infrastructure, fortified against threats while optimizing operational efficiency.