AirGapNet · Physical network isolation
Industries · Finance

Back-office service paths closed between approvals.

Core banking, trading, and treasury systems run on service paths that audit policy says are closed and runtime says are open. AirGapNet aligns the two: closed by default, opened for a window, auto-returned to a physical break.

Avg. bank breach cost · IBM 2024

$6.08M

Financial services averaged $6.08M per breach in the IBM Cost of a Data Breach Report 2024 — the second-most expensive sector. Service-path compromises dominate root cause across the report's 600+ surveyed orgs.

Source: IBM 2024

Attack surfaces

Four paths that almost never need to be reachable.

Core banking maintenance windows

Patch and end-of-day windows open paths into core banking systems for hours at a time. The same path is reachable for the rest of the month — and stays in scope for any lateral attack.

Trading floor admin tunnels

Low-latency trading rigs have admin tunnels for parameter pushes and emergency intervention. Outside trading hours those tunnels sit open, unmonitored.

SWIFT / payment gateway service

Payment gateways keep reachable management ports for the bank's internal admin team. The same ports are the audit's #1 risk finding, year after year.

Audit and compliance data exports

Quarterly compliance pulls open a path from regulators' export servers to internal systems. The path stays addressable between quarters — a standard target for credential-reuse attacks.

How it maps

Real scenarios. Concrete fix.

01

Core banking nightly patch window runs 02:00–04:00 on Sundays.

AGN2 in front of the core opens the maintenance path only in that 2-hour window. Auto-close fires before market open Monday. No leftover state.

02

Compliance demands proof that admin access to SWIFT is time-boxed.

AGN1 audit log shows the exact open/close timestamps per access window — physical, not policy. Includes the SMS / app trigger that opened the window.

03

Trading desk runs an emergency intervention on Friday at 18:00.

On-demand SMS opens the admin path for 30 minutes. Window auto-closes at 18:30. No 'we'll lock it down on Monday' state.

Recommended setup

AGN2 on the rack. AGN1 per machine.

AGN2

Server room — between core banking and admin/back-office networks

Typical · 1–2 racks

AGN1

Per system — SWIFT, trading rigs, compliance export servers

Typical · 3–8 units

AGN1

Audit log export — between archival store and compliance auditor

Typical · 1 unit

What changes

After rollout, four things stop being possible.

AirGapNet is a hardware switch, not a policy. The change is measurable from the network side, not just in process documents.

  • Admin access is time-boxed at the hardware layer, not the rulebook

  • Audit findings around 'always-reachable management ports' close out

  • End-of-day windows return to a physical break before market open

  • Per-system audit log captures every window open/close locally

Pilot with your bank

Start with one back-office system, one nightly window.

We pick the system with the strongest audit finding, ship a single AGN2, and run one full maintenance window with your operations team.