Enhancing Security for a Leading Indian Stock Exchange with Managed Security Services

This project marks a pivotal moment in the Indian stock exchange landscape. An initiative by the Government of India, the broker platform has been designed as a critical fallback mechanism to safeguard investor interests. Even in the face of primary exchange failures, the platform ensures uninterrupted trading and allows investors to close open positions, safeguarding them from losing their money.

As a high-stakes initiative involving sensitive customer data and multiple stakeholders, including all major Indian stock exchanges, the project demanded exceptional execution. The technology arm of the leading stock exchange spearheaded this endeavor, entrusting Noventiq with the development and management of this broker platform.

In addition, the stock exchange recognized the imperative to evolve its infrastructure to meet the increasing demands of a dynamic market. This necessitated a highly adaptable and secure infrastructure capable of scaling rapidly to meet customer demands within a fraction of the time.

For this project, there was a strategic need to establish seamless and secure private connections with multiple stock exchanges to send multicast traffic over Direct Connect connections to update real-time values of securities parameters and prevent time lags. The application’s functionality needed both unicast and multicast communication types to support varied data transmission requirements.

Implementing robust access mechanisms for both internal employees and external users was another priority. Furthermore, ensuring that instances were protected from malware and inspecting traffic from both the internet and internal networks was essential. Lastly, the SOC team required continuous monitoring of incidents and the overall system health to maintain operational integrity.

In addition to deploying the secure AWS environment, Noventiq has also developed a comprehensive managed security service plan for their AWS environment. Our solution prioritizes infrastructure security and reliability through strategic planning, and ongoing management.

The security solution revolves around the following key pillars:

• Noventiq has established a secure and scalable infrastructure using AWS Landing Zone and Control Tower, implementing multiple security Guardrails.
• Centralized identity and access management (IAM) has been ensured through a robust authentication mechanism using a Privileged Access Management (PAM) solution and AWS Directory Services.
• Access to AWS components has been restricted via role-based policies on the PAM solution, with secure connectivity provided through VPN connections authenticated with external identity sources and multi-factor authentication.
• Service Control Policies (SCPs) enforce security restrictions, such as encrypted disks and prevent disabling of necessary logs.
• To protect against cyber-attacks and web traffic threats, robust perimeter security via multiple third-party firewalls has been implemented.
• Additionally, a SaaS-based Web Application Firewall has been deployed for protection against DDoS and OWASP Top 10 attacks, utilizing behavior-based and machine learning-driven web traffic inspection.
• Advanced threat protection has been configured with anti-malware and XDR policies, with agents dynamically deployed on new instances.
• Continuous monitoring by the Security Operation Center (SOC) has been established, utilizing robust correlation rules and automated malicious activity prevention via Security Orchestration, Automation, and Response (XSOAR) playbooks.
• Security misconfigurations are being prevented using market-leading SEBI Security Posture Management services, ensuring continuous posture assessment.
• Furthermore, vulnerability assessments and penetration testing are being conducted regularly to validate infrastructure and application security.