Finishing up on the previous post, the illustration below presents a close-up look to how a next generation Chase CDN CyberSecurity Defense Shield would look like. It’s a mixture of B2B CDN (Aryaka Networks) and B2C CDN. At the outer edge, there is the CDN POP that accepts end user requests and responds appropriately – this can be the first layer of defense. It will consist of standard caching/storage infrastructure and custom built DDoS mitigation servers that can absorb attacks, perform deep packet inspection, and filter out the junk. The second line of defense is the intelligent security layer that not only records the origin of each packet, but also injects an ID# that enables the banks to track each packet through the global ecosystem.
A proper name would something like the CDN Global Packet Tracking System. The banks can go as far as dropping the ancient TCP/IP protocol at the core, and create a special Banking IP Protocol for use only by international financial institutions. Of course, there will have to be some conversion going on from the standard packet to the new packet. The third layer of defense is the FireEye, Palo Alto, Symantec layer that operates within the corporate perimeter. The new banking global threat prevention system will be costly, but the banks and Uncle Sam are in a position now to invest a few billion dollars into the project. The SecOps team can be 2,000 to 3,000 strong spanning several countries that are responsible for monitoring traffic, attacks, alerts and mitigating threats.
Chase New Generation Hybrid CDN Security Shield
- Three Layers of Cyber Security Defense
- 1st Layer Security is B2C CDN – Chase POPs interact with clients
- 2nd Layer of Security is B2B CDN – converts IP packets. Injects ID into each packet in order to track origin and destination. Record packets that enter the ecosystem.
- 3rd Layer of Security – FireEye, Palo Alto Networks, Symantec…
- SecOps Team is 2,000 – 3,000 strong across US, UK, Paris, Germany, Tokyo….
- Infrastructure providers: Equinix, Arista Networks, Juniper Routers at the edge, and custom built SDN type routers at the core
- 2xCabinets Caching Serves, 2xCabinets DDoS Filtering/DPI Severs minimum
- Custom high capacity servers
- Core Network consist Redundant 10Gb Waves
- Level 3, Deutsche Telekom & British Telecom Connectivity