Date post: | 14-Apr-2017 |
Category: |
Technology |
Upload: | swift |
View: | 303 times |
Download: | 4 times |
SWIFT Reporting – Getting the most out of the available toolsEmma Pacheco, Service Manager – SWIFT
SWIFT Reporting
ObjectivesGet the most …• understanding• access• address questions
What are …• your challenges• we missing
SWIFT Reporting
Agenda Quiz• What? Where? How?
Exercise• Putting my reports to good use !!!!
Your turn• Your challenges
Recap & conclusions• What have we learnt?
QUIZ Time !!!
• Leased Line Utilisation Report
What?
• Swift.com > Support Tools
Where?
P+/P
QUIZ Time !!!
• Year/Month/Peak Day
• Per line• Segregation
• Resiliency• Browse traffic• Degradation
How?
P+/P
QUIZ Time !!!
• Support usage Report
What?
• Swift.com > Premium Doc Repository
Where?
P+
QUIZ Time !!!
• Disturbance index
• Case stats• Per month• Per channel• Per user• Per product …
How?
P+
QUIZ Time !!!
• Availability Report
What?
• Swift.com > Premium Doc Repository
Where?
P+
QUIZ Time !!!
• Availability of:• SWIFT• VPNs• SNLs• LTs
• Configuration via:• Service Mgr
How?
P+
QUIZ Time !!!
• Healthcheck Report
What?
• Swift.com > Premium Doc Repository
Where?
P+/P
QUIZ Time !!!
• Identify risks• Best practices• Focus:
• Service Availability
• Performance• Security
How?
P+/P
QUIZ Time !!!
Traffic Monitoring- Throughput- Volume- Queues
Reports- Certificates- Roles- Activity Log
Report Automatio
n O2MSWIFTNet Online
Operations Manager
P+/P
QUIZ Time !!!
O2M
P+/P
QUIZ Time !!!
P+/P
O2M > Throughput (TPS)
QUIZ Time !!!
O2M > Volume
P+/P
QUIZ Time !!!
• Watch• …
• Case review• …
• License• Systems• …
• Accounts• Ordering• …
Swift.com MyConfig
BusinessIntelligence
ServiceMeetings
Many other on-demand reports
P+/P P+/P
P+P+/P
CO
O Q
uest
ions
Cha
ngesAug 2015:
New business flow Important volumes Traffic: IA + browse
Same time: HW/SW changes New security policies enforced
Did incident risk increase since new flow?
Do you feel safe in terms of capacity?
Exercise Time !!!
What are your challenges? what are we missing?
Cap
acity
?
Ris
k in
crea
se?# incidents stable
but risk higher: support cases (system config/admin) BW usage HW/SW maturity & knowledge management
LL BW increase, still OK… growth? Staff? HW saturation? internal monitoring
Exercise Time
Conclusions
Request budget for in-depth analysis/prep for upscaling?
What are your challenges? what are we missing?
Recap Case review
O2M
HC swiftmon
LLUR
Availability
Support Usage
Recap Case review
O2M
HC swiftmon
LLUR
Availability
Support Usage
HC cases?
LLUR–O
2M=B
rowse
Training
DomainsIn
cide
nt v
s Q
uest
ion
Cer
tific
ates
Sec
Mgm
t
Ntwk BW vs System BWVB box used vs available?
Recap
• to assess current situation
Combine different reports …
• to prevent outages
Use reports proactively ...
• voice your requirements !
Reports are only one way SWIFT can help …
IT Update:CTO’s view of 2020 Strategy- Challenges and OpportunitiesCraig Young, Chief Technology Officer – SWIFT
USEUR
KL
IT at SWIFT
Presence in the 3 geographical regions is of strategic importance for business relevance and resilience.
Strategic business priorities:• Grow and strengthen core ‘many-to-many’ financial messaging, connectivity and closely adjacent products and services • Expand and deepen offerings for market infrastructures • Build our financial crime compliance portfolio to meet the full spectrum of related challenges.
Critical enablers:
OperationalExcellence
Innovationat the Core
Customers And Communities Talent Financial
Management
• Recognized systemic importance
• Invest in operational excellence & platform efficiency
• Security, technology and resilience
• Innovate core payments & securities
• Platform innovation
• Continued product innovation
• Leverage Innotribe and SWIFTLab
• Expand geographical reach
• Customer centricity
• Community dialogue
• CSR
• Develop to match business needs
• Developing critical capabilities for future
• Reduce message pricing
• Grow non messaging revenue
• Financial resilience
SWIFT 2020 – Grow the core, Build the future
TransformGrowRun
Security
Talent
Technology
Role of IT
Security –Challenges
Increased complexity to cyber attacks• Phishing, impersonation, DDoS, virus, …• Multiple hacking techniques to evade detection and
distract defender• Stealthy and diverting techniques• Weaponisation means less entry hurdle for hackers
Increased threat sources• Very powerful, resourceful and skilled actors• New categories of threats: losing trust in technology
(weakened crypto, backdoor added)
Increased technology vulnerability• More zero day exploits• IT consumerisation : usability vs security, technology
favouring end user• Weakest link in the chain: people
Changing business landscape• More Internet facing services• More business agility• Mobility, BYOD• Geopolitical tensions
It’s no longer a matter of if your cyber security defense will be compromised at some level – it’s when.
Prevent
Detect
Plan
LearnComplicate enemy’s life and prevent cyber attacks to succeed
Do not underestimate the enemyand detect attacks that woulddefeat your prevention
Know your enemyand understand
own exposure
Prepare for the worse and be ready to contain and
recover from detected attacks
Security - Holistic Cyber Framework
FNAO
FINSWIFTNet
Regional Processor
Slice Processor
FIN BridgeSwitchFront End Processor
Slice Control Processor
Certification Authority
SWIFTNet Directory
SWIFTNet LinkAlliance Gateway
SNL
Lite
Alliance Lite2
Alliance Access IntegratorAlliance Access
Alliance Entry
Alliance Connect Bronze
Alliance Connect Silver
Alliance Connect Gold
Alliance Messaging HUB
Autoclient
SWIFTNet Browse
SWIFTNet InterAct
SWIFTNet FileAct
Sanctions Screening
Accord
SWIFT WebAccess
KYC
Online Operations Manager
Swift.com
3SKey
HSM
VPN
Alliance Managed Operations
Alliance Lifeline
Alliance Remote Gateway
SWIFTRef
Sanctions Testing
Watch for Securities
IPLA
Increasing number of services
Scalability following strong growth
Common User Experience
Time to Market
Security Evolution
Platform - Challenges
Platform - Business Architecture Process
Ideation Ideation
Innovation - Challenges
Ideation Validation Proof of Concept Project life cycle
Security - Anticipating your future requirements
Mayank Bhatt, Security - Product Manager – SWIFTChetan Uka, Messaging - Product Manager – SWIFTBikash Mishra, Service Manager – SWIFTJithendra Manne, Service Manager – SWIFT
HSM Refresh and HSM Usability Enhancements
Mayank Bhatt, Security Product Manager - SWIFT
HSM Refresh: 2-phase project
Hardware Refresh Renew infrastructure
Usability Evolution
Simplify day-to-day management of HSM boxes Reduce cost & risk associated with complex processes
5653 4618 339
100% IS6 HSM Boxes shipped overall
IS6 HSM boxes Installed
Remaining oldHSM Boxes
HSM Refresh: key figures
HSM Refresh: 2-phase project
Hardware Refresh Renew infrastructure
Usability Evolution
Simplify day-to-day management of HSM boxes Reduce cost & risk associated with complex processes
HSM
O
PER
ATIO
NS
Q2 ‘14 Q3 ‘14 Q4 ‘14 Q1 ‘15 Q2 ‘15 Q3 ‘15 Q4 ‘15 Q1 ‘16 Q2 ‘16 Q3 ‘16 Q4 ‘16
SNL/SAG 7.0.29 (CLS users)SAG Admin GUI enhancements (CLS users)- Improved certificate monitoring- Easier/integrated certificate management
HSM cluster enhancementSupport higher latency limit on dedicated browse HSM clusters
SNL/SAG 7.0.40SAG Admin GUI enhancements- Improved certificate monitoring- Easier/integrated certificate management - Automate recovery of group certificates
SNL/SAG 7.0.50HSM enhancements- Simplified installation process & remote set-up- Unique PED token (option)- Cluster improvements- Controlled password management
CER
TIFI
CAT
E M
AN
AG
EMEN
T SNL/SAG 7.0.50 Certificate management enhancements- Option to avoid or minimize PED functions- Fully integrated certificate management
HSM Usability Enhancements
SNL/SAG 7.0.50Enhancements Benefits
Operational efficiency • Reduce manual PED operations• Streamline certificate management through GUI• Automate group functions• No physical box access required for initial remote PED
set-up• Reduce manual steps for installation/configuration• Limit number of PED keys to manage
Risk prevention• Reduce manual errors• Enhance control on certificates lifecycle• Ability to prevent password expiry• No need to manage accounts/passwords on each box separately
within a cluster
Enhance SAG Admin GUI • Delete certificate without PED operation• Integrated partition management
Simplify HSM configuration• Default remote PED access• Unattended backup• Flexible cluster configuration
Improve account administration• Account synchronization across cluster• Controlled password management
Limit PED operations• Unified PED token • Session-based PED authentication
HSM Refresh, a multi year project
2011 2012 2013 2014 2015 2016
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
New hardware selection started
PSF 2014: Planning for refresh Review potential changes
End of support for IS5 HSM boxes
Deliver remaining usability enhancements(patch 7.0.50)
Design potential usability changes
Launch IS6 HSM boxes shipment
Start program preparation
Usability enhancements (patch 7.0.40)
Initial usability enhancements (patch 7.0.29)
PSF 2015: HSM refresh status update
Launch customer consultation
Deliver remaining usability enhancements(patch 7.0.50)
Updated Release Policy
Chetan Uka, Messaging Product Manager - SWIFT
Describe type (major, minor, patch), naming convention, and releases cycles.
Provides supportability and migration framework of our products
Provides information about SWIFT framework for qualifying OS and patch levels
What is the SWIFTNet and Alliance Release Policy
The SWIFTNet and Alliance Release Policy is the rule-book describing the delivery of SWIFTNet and Alliance releases.
Foster community alignment on
features, enhancements & Security updates
Technology landscape
evolving faster and continuous monitoring
(OS and COTS)
Cyber Security roadmap
Release Policy – Ensure sound Release cycle post 7.2
Security and cyber threats requires more frequent
updates
SWIFT
Why an Updated Release Policy?
Rationale for refresh
SWIFTNet and Alliance Release PolicyCollaborate with the SWIFT Community for feedback
Propose updated Release Policy
Principles
Discuss with User groups and Vendors
to incorporate there
feedback
Release 7.2 Final Release
Overview to include updates
to Release Policy
SWIFT Proposal
SWIFT Community
Updated SWIFTNet and Alliance Release Policy- Applicable as of Release 7.2
Oct2015
Nov - Feb2015/16
June2016
Release PolicyPrinciples
• Clear End of Support date defined at the availability of an annual release
Life Cycle - End of Support
• One planned release per year• Annual version supported for 2 years of maintenance and 1 year of
migration support• Hotfixes / Patches provided as needed• Each annual release can be installed without prior installed version
Concurrence of Release
• OS baseline supported for 3 years
Operating Systems
Release Policy Roadmap: how this will work ( for example, SNL/SAG)
2018 2019 2020 2021
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D
Primary upgrade path – upgrade to following release24 month migration period
2019 to 2022 OS Baseline
2018 to 2021 OS BaselineRelease N+1 (7.2.10)
Release N ( 7.2)
Release N+2 (7.2.20)
Release N+3 (7.2.30)
2020 to 2023 OS Baseline
Unsupported
Unsupported
2017 to 2020 OS Baseline
Secondary upgrade path - upgrade to N+2 release12 month migration period
Customer Testing Policy
Bikash Mishra, Service Manager - SWIFT
SWIFT products Vulnerability testing
Allowed
• Alliance Access• Alliance Web Platform• Alliance Gateway• SNL• SIL• AMH• HSM devices• 3SKey
Not Allowed
• Alliance Connect• SWIFT Network• SWIFT Messaging
Solutions• Business Application
Services• SWIFT web sites• 3SKey Portal, Lite2
Conditions: • No connection to SWIFT Network• Latest and supported versions of Software/Hardware
Non- SWIFT products Vulnerability testing
Allowed
• Prior Vendor agreement
• Without physical/logical connection to SWIFT
Not Allowed
• M-CPE (Managed Customer-Premises Equipment) supplied by Network Partners
Performance Test
FIN Stress
CUG Stress
Best Practices
• SWIFT Approval• Rules - Tip
2008531
• Managed by Service Administrator
• ISAE 3402 type 2 report -Tip 2208810
• Customer Testing Policy document
• System Backup
SWIFT addressing your security needs
Jithendra Manne, Service Manager – SWIFT
Exercise Time !!
Objective : Secure the Infrastructure
• Each team has a SWIFT infrastructure diagram • Brainstorm amongst your team • Mark each entity/server to be secured • Use the techniques and tools available to secure them (SWIFT /
Internal )• Highlight your challenges and needs • One person from each team to Present !!
Time starts now !!
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
IPsec• Authentication• Encryption
Remote PED
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
PKI, ED, CRL, CARA
Remote PED
PKI, SSL, SSH, FIPS 140-2 Level 3
CertifiedEncrypted, PED Keys
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
TCP Ports, FIPS 140-2 Level 3,
SSL, SSHPED Encrypted,
Passwords, Cluster Certificate
Remote PED
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
Remote PED
FW, TCP Ports
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
Remote PED
TCP Ports, FW, SSL,
SSHPED
Encrypted
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
Remote PED
Ports, FW, TLS/SSL,LAU
SAA-SAG Server Authentication
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
Remote PED
FW, Ports, SSL/TLS
SAG-AWP Server Authentication
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
Remote PED
SSL/TLS Server Authentication, HTTPS, HTTP
Proxy, FW, Ports
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
Remote PED
Ports, SSL + Server Authentication
Profiles/Operators/Passwords (SHA-256) ,
LDAP/OTP, Session Inactivity TimeOuts, SW
+ DB Integrity,
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
Remote PED
Ports, SSL + Server Authentication
Profiles/Operators/Passwords (SHA-256) ,
LDAP/OTP, Session Inactivity TimeOuts, SW
+ DB Integrity
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
Remote PED
SW Integrity , PKI Certificate,
Signing and Encryption
Threat: Steal Password or Session
Attacks
•Key logger•Session guessing•Shoulder surfing
• Session Mechanism• SSL Tunnel • Account Management
AWP-SE
• Strong Password Policy• OTP / LDAP• Account Management• Session Mechanism
SAA/SAG/SAI
• Secure Browsing PracticesUser
• Protection of System Used by Alliance Products
Customer Infrastructure
Pre
vent
ion
Threat: Data Eavesdropping
Attacks
• Phishing
• Sniffing
• SSL/TLS TunnelAWP-SE
• SSL/TLS TunnelSAA/SAG/SAI
• Secure Browsing PracticesUser
• FirewallCustomer Infrastructure
Pre
vent
ion
Customer Footprint
Third PartyInterface
AMH
Alliance Access
MQHA
SOAP
AFT
ADK WSSIPLA
Alli
ance
Web
P
latfo
rm
Web
GU
I
Alliance Connect
SNL
SNL
HS
M
Clu
ster
HS
M
Clu
ster
Third PartyInterface
Third PartyInterface
SWIFT network
AllianceGateway
RAHA
MQHA
Remote PED
SSL, LAU, Ports, FW, Digest (FA)
Threat: Data Tampering
Attacks
• Man in the Middle
• Server AuthenticationAWP-SE
• 4-eyes AuthorizationSAA/SAG/SAI
• Secure Browsing PracticesUser
• Network Segregation• Patch Management• Logical and Physical
Control• VPN
Customer Infrastructure
Pre
vent
ion
Threat: Weakness of Third Party Products
Customer InfrastructureNetwor
k Segregation
Patch Management
AWP-SEReverse Proxy DMZ
• Protect your infrastructure
Customer InfrastructureNetwork
Segregation Server
Segregation
Protection of the system
used by Alliance product
VPN
SAA/SAG/SAIPatch Management
AWP-SEPatch Management
• Protect your infrastructure
Threat: DDOS Denial of Service
Security : Best Practices
Do’s
•Updated Firewalls •Software and Security Patches•User Roles •Strict Passwords•Restart Browser sessions•Suspicious emails•Restrict unwanted traffic •Anti-Virus / Malware
Dont’s
•Internet from Alliance PCs•Keep sessions open •Saving / writing passwords•Pop-ups to install executables•Assign multiple roles•Open URLs from suspicious emails
Closing Remarks
Danny Smedley, Head of Customer Support – Americas SWIFT
April 23 •Cold Start DRI
Sept 26-29th •SIBOS Geneva
Oct 22 •Global OPC Recover Test
Nov 16 •FIN Standards Release ‘16
Upcoming Events
Your SWIFT Infrastructur
e
Health Check
s
Troubleshootin
g Training
• Be proactive about your SWIFT Infrastructure.
• Schedule your Health Checks & Troubleshooting Training early.
Getting the most out of your support package
www.swift.com