Protecting mission-critical banking operations
A leading banking and financial services provider in Hong Kong needed to strengthen resilience across its highly interconnected global environment. After a phishing attack exposed major visibility gaps and inconsistent east-west monitoring, the bank sought a solution that could isolate traffic, contain threats, and support compliance requirements. Akamai Guardicore Segmentation helped the bank gain complete visibility across its infrastructure, reduce lateral movement risk, and protect mission-critical systems.
The rising urgency of cyber resilience in modern banking
Banking environments are complex, globally distributed, and deeply interdependent. A disruption in one system can cascade across operations, markets, and customer services. Even a single compromised endpoint can trigger a chain reaction.
That was the situation facing a bank in Asia. Hybrid IT architectures, legacy systems, and expanding third-party ecosystems increased the bank’s attack surface. Despite heavy security investments, gaining end-to-end visibility remained difficult. Yet numerous regulatory frameworks, such as the Hong Kong Monetary Authority Operational Resilience (HKMA OR-2), Monetary Authority of Singapore Technology Risk Management (MAS TRM), and PCI DSS, demanded far stronger evidence of control, containment, and resilience.
“Banks can’t protect what they can’t see,” the bank’s CISO explained. “And we didn’t have a clear picture of our traffic flows.”
A phishing attack exposed critical visibility gaps
The tipping point came when a malicious phishing attack infiltrated the bank’s systems. While the bank’s EDR (endpoint detection and response) and SIEM (security information and event management) systems detected unusual activity, neither solution provided full east-west visibility. The SOC team had to manually reconstruct the attack by stitching together logs from multiple systems.
As the CISO said, “We were blind to lateral movement. We had to gather logs from everywhere just to understand what happened.”
This attack revealed two urgent needs. The bank required complete visibility across internal and external traffic, plus the ability to isolate suspicious activity instantly. The bank needed a reliable, scalable microsegmentation solution that wouldn’t destabilize critical systems.
Choosing Akamai for visibility, containment, and compliance
A trial with Illumio resulted in agent crashes — causing unexpected downtime. As an existing user of Akamai App & API Protector, the bank turned to Akamai. After a successful proof of concept of Akamai Guardicore Segmentation, the CISO confirmed the decision to implement the solution.
Akamai Guardicore Segmentation is a microsegmentation solution providing real-time visibility, containment, and east-west traffic control. “Akamai’s solution is built for the real world,” said the CISO. “The stability was unmatched.”
The bank also appreciated the solution’s flexible asset labeling and Layer 7 process-level visibility. “These features gave us real visibility. We could label assets in business language, track every process connection, block lateral threats, and apply one policy across all systems — making compliance far easier,” he continued.
Deploying segmentation across mission-critical banking systems
Akamai’s Professional Services team guided the bank through a two-stage rollout of best-practice segmentation across multiple sites. In phase one, Akamai Guardicore Segmentation was deployed in monitoring mode, providing full traffic visibility and application dependency mapping. In phase two, the agents were put in blocking mode to enforce microsegmentation rules and policies, and contain unexpected lateral movement in real time.
The bank applied microsegmentation to its most sensitive systems:
- Internal ticketing system
- Core system for branch connectivity and digital banking
- Interbank remittance system (IBRS) supporting payments
- Active Directory domain controllers
- Real-time gross settlement (RTGS) system
“We finally had a way to isolate mission-critical systems without slowing them down,” the CISO explained.
Gaining full visibility and rapid attack containment
After implementing Akamai Guardicore Segmentation, the bank gained complete north-south and east-west visibility across its environment. Security teams could monitor all server-to-server communication and isolate suspicious processes in seconds.
“With Akamai Guardicore Segmentation, containment went from hours to a click,” said the CISO. “That’s a game changer in banking.”
Benefits included:
- Full visibility into internal traffic
- Real-time attack isolation
- Reduced lateral movement risk
- Stronger operational resilience
- More efficient SOC investigations
Advancing compliance and preparing for future threats
Microsegmentation helped the bank reduce its attack surface and satisfy requirements for operational resilience, disaster containment, and network visibility — all key components of HKMA OR-2, MAS TRM, and PCI DSS.
“Akamai Guardicore Segmentation checked the compliance boxes while solving real problems,” the CISO explained.
With segmentation in place, the bank is now evaluating Akamai API Security to further strengthen protection across systems and third-party integrations. “We see Akamai as a long-term partner. Its solutions evolve as quickly as the threats,” concluded the CISO.