Raymond James has built a layered security fortress for its network and surrounding VPN, not only to prevent well-known security threats from disrupting its operations, but to stop criminals from stealing or damaging sensitive financial data. So far, the company hasn't suffered any outages due to security breaches.
"Any general Internet traffic coming into the network is going to pass through three IDS/IPS [intrusion-detection/prevention systems] before it gets onto the backbone," Loach says. This includes the firm's public Web site and e-mail, which is scanned multiple times for viruses, malware and spam. "We scan inbound and outbound e-mail at the desktop and at the mail servers," he says.
Raymond James' security architecture is built around tools from a variety of vendors. A Cisco Internet router uses access lists to split traffic into two streams: one for the firm's branch-office VPN traffic and one for incoming Internet traffic. Both streams go through a series of Check Point Software firewall/VPN clusters and Internet Security Systems' IDS/IPS, as well as a Trend Micro VirusWall. Another Cisco router checks the traffic against its access list at the other end.
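The following Cisco IOS fragment is an added illustration of the two-stream split and the mirrored check at the far end; it is not Raymond James' configuration. Every address is constructed from RFC 5737 documentation ranges, and the interface names, next hops, and ACL names are assumptions.

```cisco
! Added example of the ingress split described above; not Raymond James'
! own configuration. Addresses are constructed from RFC 5737 documentation
! ranges; interface names, next hops and ACL names are assumptions.
!
! Classification ACLs: each one defines one of the two ingress streams.
ip access-list extended BRANCH-VPN
 permit udp any host 192.0.2.10 eq isakmp
 permit udp any host 192.0.2.10 eq non500-isakmp
 permit esp any host 192.0.2.10
ip access-list extended PUBLIC-INTERNET
 permit tcp any host 192.0.2.20 eq 80
 permit tcp any host 192.0.2.20 eq 443
 permit tcp any host 192.0.2.25 eq smtp
!
! Edge filter: drop spoofed private sources, admit only the two streams,
! and log everything else so unexpected traffic shows up in the syslog feed.
ip access-list extended EDGE-IN
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 permit udp any host 192.0.2.10 eq isakmp
 permit udp any host 192.0.2.10 eq non500-isakmp
 permit esp any host 192.0.2.10
 permit tcp any host 192.0.2.20 eq 80
 permit tcp any host 192.0.2.20 eq 443
 permit tcp any host 192.0.2.25 eq smtp
 deny   ip any any log
!
! Policy routing hands each stream to its own firewall/IPS chain. Traffic
! matching neither clause would be routed normally, but EDGE-IN has already
! dropped it, so nothing bypasses the chains.
route-map SPLIT-INGRESS permit 10
 match ip address BRANCH-VPN
 set ip next-hop 198.51.100.1
route-map SPLIT-INGRESS permit 20
 match ip address PUBLIC-INTERNET
 set ip next-hop 198.51.100.2
!
interface GigabitEthernet0/0
 description Internet uplink (assumed name)
 ip access-group EDGE-IN in
 ip policy route-map SPLIT-INGRESS
!
! Inner router (separate device), "the other end": only traffic bound for
! the backbone servers is accepted from the security stack; anything else
! that leaked through a chain is dropped and logged.
ip access-list extended BACKBONE-IN
 permit ip any 203.0.113.0 0.0.0.255
 deny   ip any any log
interface GigabitEthernet0/1
 description Facing the firewall/IPS chains (assumed name)
 ip access-group BACKBONE-IN in
```

Because both edge and inner filters end in an explicit logged deny, a misrouted or spoofed packet produces a record in the same syslog stream the management platform already collects.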
This multilayered security architecture ensures that Raymond James' independent brokers, who access the company's backbone through the VPN, are thoroughly authenticated and given access only to the tools they're authorized to use. It also helps prevent the brokers from unwittingly passing a worm or virus into the backbone network.
But managing so many layers of security isn't easy. Loach and the data center security team use the Check Point SmartCenter Pro management platform, which gathers logs from the Check Point equipment as well as from the firm's Juniper Networks SSL VPN appliances and from WholeSecurity system log (syslog) data. SmartCenter Pro can access Cisco router access lists, but the other security data Raymond James has at its disposal doesn't go through SmartCenter Pro.