Our WAF has a new user interface – for more intuitive and efficient use. Learn more

IT security for BaFin-regulated crypto custody

SUCCESS STORY

Finoa

Industry: Fintech

Employees: > 50

Finoa operates as a financial institution for cryptocurrencies in a highly regulated sector. Founded in 2018 and based in Berlin, the fintech acts as a crypto custodian. Finoa offers its customers a custody solution for more than 185 crypto assets - from Bitcoin and Ethereum to new protocols such as MINA, NEAR and FLOW.

The technology for the custody and management of crypto assets requires the highest level of IT security and data protection. The accounts of Finoa customers must be protected against unauthorized access, sabotage and manipulation, as crypto assets are coveted prey for cyber criminals.

Download case study

The challenge

DDoS protection in line with strict financial regulation

To expand the protection of its crypto platform, Finoa opted for managed services from Myra Security at the end of 2021. The German provider's security-as-a-service solutions protect Finoa's web applications from distributed denial-of-service (DDoS) attacks and malicious tampering attempts.

As a regulated company, it is crucial for Finoa to rely on a GDPR-compliant provider from Germany with extensive industry expertise when outsourcing cybersecurity services. Myra meets these requirements in full. As a specialist provider, Myra supports customers from the financial industry with ready-made contracts to eliminate administrative hurdles in advance.

The solution

Industry expertise as a catalyst

Finoa relies on a holistic protection concept to secure its crypto platform. Myra secures the fintech's services against cyberattacks at application level (layer 7). As Finoa has also classified Myra's Security-as-a-Service services as essential outsourcing, this is subject to strict regulatory requirements. Such IT outsourcing must meet the requirements of the KWG (German Banking Act), BAIT (Banking Supervisory Requirements for IT), MaRisk (Minimum Requirements for Risk Management) and FISG (Financial Market Integrity Strengthening Act). Since going live, Finoa has benefited from a comprehensive protection concept for its platform, setting new security standards for crypto custody.

Michael Heinks

Chief Risk & Compliance Officer

In Myra, we have found a servie provider that not only has the necessary technical expertise to secure our platform, but who also actively supports us in compliance issues. This support helps us enormously in complying with the increasingly strict regulatory requirements."

The implementation

Managed security for a holistic protection concept

Myra secures the Finoa solutions fully automatically using DDoS protection at application level, Hyperscale WAF and Deep Bot Management. The systems are concealed from attackers behind a multi-layered filter system that only allows valid access. Myra's global content delivery network, which uses RAM caching to achieve low latency, short page load times and stable performance - even during unforeseen load peaks - ensures high-performance content delivery. With this technology, Finoa can react to even new types of threats or zero-day vulnerabilities in the shortest possible time to ensure the protection of customer accounts.