Challenge: Provide Regulatory Assurance Separately for Technical and Operational Environments
Miami International Holdings (MIAX) is a fully electronic options trading exchange approved by the SEC as a national securities exchange on December 3, 2012. Its trading platform has been developed in-house and designed from the ground up for the unique functional and performance demands of derivatives trading. MIAX Options now lists and trades options on over 2,300 multi-listed classes. MIAX Options’ unparalleled system throughput is in excess of 38 million quotes per second with an average latency for a single quote being 15.89 microseconds.
As part of the process to open as a U.S. Securities Exchange, MIAX had to satisfy a multitude of security criteria. Auditing and logging were two critical requirements for MIAX. They needed a way to perform full keystroke logging of any activity in their critical systems. MIAX chose to deploy PowerBroker for Unix & Linux due to the high availability requirements of the hosts. It allowed them to not only capture all admin activity, but also provided full forensic auditability of the entire critical environment.
We required a solution which could handle the high demands of our environment, but yet not get in the way of our Admins' daily job of managing the complexities of the environment. The PowerBroker for Unix & Linux solution helped us satisfy the ‘full auditability and accountability’ requirement of our trading system in an unobtrusive manner. – John Masserini, CSO, Miami International Holdings, Inc.
As MIAX grew and expanded into other business ventures, they needed to provide regulatory assurance of total separation of the technical and operational environments. MIAX wanted to ensure that any solution would position them to maintain and enhance the entire privileged access management process as well as provide strong auditability for the separation of the various environments.
With concerns about proxy-type solutions being able to keep up with the key capture requirements of the operational environment, MIAX required a solution that integrated with previously installed SSH applications on the local desktops.
MIAX also needed true high availability across geographic locations to support full disaster recovery in any of their data centers. Additionally, the solution had to be a self-contained, hardened deployment, which precluded solutions that required usage of the corporate SQL database. Finally, integration with the existing PowerBroker for Unix & Linux and compatibility with their existing SIEM infrastructure were essential.
After a series of proof-of-concept evaluations, MIAX selected PowerBroker Password Safe. By deploying Password Safe, MIAX was able to provide a single login to the user and allow them to ‘pick and choose’ what environment needed to be accessed and with which account.
BeyondTrust PowerBroker Password Safe automates privileged password and privileged session management, providing secure access control, auditing, alerting and recording for any privileged account – from local or domain shared administrator, to a user’s personal admin account, to service, operating system, network device, database (A2DB) and application (A2A) accounts – even SSH keys, cloud and social media accounts.
Prior to Password Safe, the operations team would open 8-10 SSH sessions each morning to start up and monitor the production environment. Each of these required a one-time password, resulting in wasted time and inefficiency. Now their users are able to strongly authenticate one time, and have SSH sessions opened for them with a single click. As for the security team, prior to Password Safe, due to the complexity of the environment, it would take a significant effort to review the logs, find the correct recorded session, and then replay that session to see if it was in fact the one with the incident.
With Password Safe, the security team can now leverage the Google-like search capabilities to find the users and commands in question, replaying the sessions right from the GUI. The benefit of this approach is that it integrates their existing PowerBroker for Unix & Linux deployment and provides a full view into all actions within our various environments.
THE POWERBROKER DIFFERENCE
For MIAX, an unexpected side benefit of the Password Safe deployment was the ability to leverage the BeyondInsight IT Risk Management Platform for enhanced security analytics and risk reporting. MIAX was able to integrate feeds from various tools already in use to provide not only a self-service reporting tool, but a key risk dashboard which provided insight into the overall risk posture of the entire enterprise.
- Simplified SSH Key Management – Schedule SSH key rotation and enforce granular access control and workflow.
- Unified Password and Session Management – Use a single solution for both password management and session management, lowering cost and complexity.
- Application Password Management – Get control over scripts, files, code and embedded keys by eliminating hard-coded or embedded credentials automatically.
- Advanced Workflow Control – Add context to workflow requests by considering the day, date, time and location when a user accesses resources.
- Threat Analytics & Reporting – Leverage a central data warehouse to collect, correlate, trend and analyze key threat metrics; customize reports for specific needs.
The addition of BeyondInsight was an unexpected benefit that has allowed us to provide an easy-to-use reporting and dashboard platform to the rest of the organization. We no longer need to rely on monthly reports or presentations – the data is at hand at all times. – John Masserini