European banking leader conquers compliance, out of band vulnerability with Opengear

Highlights

• After learning that their current out of band provider was behind in their vulnerability disclosure, the French banking leader started looking for a replacement.
• The technology services team implemented Opengear after a flawless POC and a responsive team.
• The team reports 30 minutes of time savings with each critical device they install. Over time, this is significant, especially for a small team covering four data centers across Europe.

Customer Story

With 18 regional member organizations and over 5,000 branches spread across Europe, this French banking leader handles the funds and personal information of more than 36 million customers. As one of Europe’s leading banking organizations, it is an attractive target for cybercriminals and a risky place for a breach. 

Founded more than 30 years ago, the organization’s technology services subsidiary supports all internal and external customers by supplying high-quality service, security, data protection, and continuous innovation. Additionally, to minimize any cyber risks and to avoid a data breach, the technology services organization prioritizes and maintains this leading bank’s PCI DSS compliance, which it must prove during yearly audits. 

Challenge

“Time is of the essence when you’re dealing with security,” according to the data center network (DCN) engineer at this technology services organization. He explained that they are a small team of 15 responsible for the data center networking, including setting up, maintaining, and renewing hardware. The team also oversees the review and redesign of network architecture projects while ensuring efficiency and reliability. Hence, the DCN engineer pointed out, working with responsive technology partners is critical for this lean team overseeing four data centers across Europe.

Security, in terms of managing assets, controlling access, and protecting data, is crucial for any IT organization; it is even more critical for those within finance organizations. The technology services team caters to the needs of the business by holding themselves accountable to high-quality service and security standards. Likewise, they expect the same from their technology and business partners. 

When the security services team learned that their current out-of-band provider was behind in their vulnerability disclosure to the Common Vulnerabilities and Exposures database (CVE) they reached out to the vendor for more information. They also wanted to disable Telnet for their out-of-band solution because the Telnet vulnerability was affecting their out-of-band appliance. Initially, the vendor did not respond to queries. Finally, the team received a mini patch and unfortunately, it didn’t work. Disappointed with their experience, and the vendor’s handling of the issue and communication, the technology services team began exploring new out-of-band solutions.

“It is important that our technology partners are responsiveness and proactive when communicating with us.”
Data Center Network Engineer

Solution

Once they decided to find a new provider to refresh and revamp their current out-of-band network, also known as an independent management plane, they reached out to several vendors for POCs. They needed a highly secure, vendor agnostic out-of-band solution. They also hoped to work with a knowledgeable, responsive and a communicative technology partner.

They conducted several POCs to test solutions from different vendors. One of the other vendors didn’t pass the PCI DSS compliance audit requirements and was out. Conversely, according to the DCN engineer, the Opengear appliance POC went exceptionally well. The console manager met all their requirements. It was easy to implement, easy to use, vendor-agnostic, and passed their rigorous security tests. Additionally, the Opengear team was knowledgeable and communicative throughout the entire process. 

With a flawless POC and a responsive team ready to support the solution, the choice was easy. The technology services team chose to implement Opengear CM7148 console server. Designed for data centers and large compute locations, the CM7100 offers 16-96 serial console ports with simple straight-through cabling to Cisco-style serial consoles. Furthermore, each unit has dual GbE ethernet connections, and interfaces with Opengear’s Lighthouse Centralized Management platform making it easy to access and manage.

Results

After deploying CM7148 appliances, the technology services team gained the critical security and peace of mind they had sought. Their previous out-of-band appliances had issues with connecting to some of their devices. However, with the vendor-agnostic Opengear console servers, they can console into their routers, switches, and firewalls with no issues. Opengear also helped boost the lean team’s productivity, instead of working with a local technician to configure a new device they are using their new console servers. 

Moreover, the developed bash script that easily detects and configures new devices. This is invaluable with over 1,000 devices in their data centers, this comes in handy and saves time. The team reports 30 minutes of time savings with each critical device they install. Over time, this becomes significant, especially for a small team covering four data centers.

The DCN engineer also adds they have been very pleased with the timely communication of the Opengear team. Although Opengear devices were not impacted when the log4j vulnerability was released, the technology services team received a prompt notification from Opengear assuring them that Opengear CM7100 devices were not affected. This timely communication provided peace of mind and further proof that the team made the right choice with Opengear.