

TICKER Magazine - Jan/Feb 2007

"Risk Management & the Enterprise Technology Strategy"


 

 

Mitigating with Real-Time Network Architectures

By Doron Abrahami

New technology initiatives like Service-Oriented Architecture (SOA), IP telephony, identity management and consolidation may introduce risk, including exposure to new security issues, unplanned downtime and network conflicts. Mitigating that risk requires a network architecture that delivers network predictability and pervasive security, so that critical applications are delivered reliably and on time. This "real-time" network must provide the agility to adjust to application-specific requirements and the flexibility to respond to changing business-specific requirements. For example, networks must be agile enough to ensure low latency and high availability for real-time applications, while maintaining security and providing sufficient access control. At the same time, network implementation and management must be flexible enough to leverage existing network investments while delivering the latest capabilities and functionality.

Network Predictability

As in other industries, the cost of downtime is extremely high, so financial institutions must ensure that applications are always available irrespective of internal downtime, malicious attacks or external disasters. Furthermore, providing a high level of service is critical to remaining competitive. Poor performance and delays can cost financial institutions enormously in terms of lost productivity and can even drive away customers. Given the high total lifetime value of customers to many financial institutions, customer defections and negative publicity can result in long-term damage to the organization. Network predictability - comprising high availability, high performance and network intelligence - is an important pillar for the real-time network. To ensure network predictability, operational stability and performance must be optimized in all critical areas of the network and across all network products:

  • Firewalls must feature highly resilient hardware architectures that can operate at high enough speeds to accommodate financial applications like market data feeds while providing sub-second fail-over
  • Routers of every size should include operating systems that ensure operational stability, while delivering advanced performance features like QoS and MPLS support for VPNs and traffic engineering
  • Intrusion prevention systems must severely curtail false positives so that critical network resources can be reached even as attacks are stopped
  • Application acceleration in the data center and branch offices increases availability and optimizes application delivery for fluctuating business requirements

Pervasive Security

More than most organizations, financial institutions must protect their networks, applications and data from a wide range of security threats. Viruses, worms, malware, denial of service attacks and increasingly sophisticated application-layer intrusions of all kinds can cost financial institutions dearly in lost assets and expensive downtime. These intrusions and attacks originate both from outside and from within financial institutions' network perimeters. Financial institutions also provide internal and external users with secure and encrypted access to critical resources, while segregating these resources from unauthorized access. Real-time networks let financial services firms ensure that internal applications are only accessed by authorized personnel from trusted networks, and that attacks are mitigated so that dangerous traffic is removed from authorized traffic. Examples of pervasive security include:

  • Firewalls and routers placed throughout the network that prevent IP spoofing
  • SSL VPN rules that allow conditional network access to specific users at an application level and rules that incorporate device state, such as verifying the installation of up-to-date virus protection, before allowing network access
  • Access control that combines identity-based policy and endpoint intelligence to give real-time visibility and policy control throughout distributed and local networks
  • Intrusion detection and prevention system signatures (updated daily) that remove known worms from the network, while ensuring the availability of applications to legitimate traffic
  • Network-based anti-virus, deep inspection and URL filtering to ensure that no unauthorized software runs on the network

Real-time networks provide the operational stability, pervasive security and high performance that enable financial institutions to take control of their risk mitigation costs by consolidating resources and introducing operational efficiencies. For example, when security devices that combine firewall, VPN, anti-virus, intrusion detection and prevention, and other features are available in different sizes for different areas of the network, financial institutions can control security capacity and cost while enabling more granular control through resource consolidation. Likewise, by deploying application acceleration solutions, financial institutions achieve greater performance and efficiencies from existing application and database servers, while centralizing data and backup systems. This eliminates the need to undergo costly and ineffective backup, restore and management in remote offices. By deploying real-time networks, financial institutions meet the technological, business and regulatory requirements they face, while minimizing networking costs.

Doron Abrahami is Senior Manager at Juniper Networks, 201-913-9975; email: dabrahami@juniper.net; web: www.juniper.net.


