How Financial Services Firms Can Mitigate Risk and Ensure Compliance Through Automate Network Testing

By Anil Kollipara, Vice President of Product Management, Spirent Communications

For financial services firms, a secure, resilient, compliant network infrastructure has long been a top imperative. Today, as digital transformation upends traditional IT supply chains and new cyber threats emerge, the stakes are even higher. Even a short outage caused by cyberattacks, software updates, or supply chain failures can disrupt essential services, putting customers at risk, damaging reputations, and impacting the bottom line. In 2024, the CrowdStrike outage caused by a software update error cost the banking sector an estimated $1.15 billion.

As risks grow and the pace of change accelerates, government and industry regulators are responding with new regulations to protect the reliability of critical infrastructure. For example, the Digital Operational Resilience Act (DORA), introduced by the European Union, became active in January 2025. Designed to ensure that financial services firms can respond to and recover from cyberattacks and other disruptions, it requires institutions to report incidents within hours and conduct operational security resiliency testing. DORA also defines stringent test methodologies, from network security and vulnerability assessments to end-to-end information and communication technology (ICT) testing. Organisations that fail to comply could face fines, remediation, and violation reports.

Network resilience is challenging in dynamic, distributed environments

Although compliance testing is a critical process for strengthening network resilience and business continuity, today’s enterprise environments are increasingly distributed and diverse. Workloads and storage are no longer isolated in the data centre but extend across multiple sites and cloud environments. Infrastructures are enabled by extensive, interdependent supply chains that rely on third-party solutions and services such as public cloud, Secure Access Service Edge (SASE), connectivity, and more.

The traditional network perimeter has become a thing of the past, and gaining visibility, managing, and protecting these distributed environments is more complex than ever. The challenges only escalate when it’s time to introduce new technologies into these fast-changing, complex environments.

Moving beyond the limits of manual testing

As digital transformation redefines enterprise networks, it’s clear that past approaches to resilience testing can no longer meet today’s expectations. Traditionally, organisations looked to their vendors to thoroughly test solutions before deploying them to their data centres and branch sites. But as enterprise networks evolve, legacy approaches to testing and validating them are no longer effective.

Modern supply chains are based on multiple vendors delivering a nonstop torrent of software versions, updates, and patches. In this dynamic environment, vendor testing alone is not sufficient; it’s up to financial services organisations to take responsibility for assuring end-to-end resilience across their infrastructures. However, current manual testing methods face significant challenges, such as:

• Isolated testing approaches: Enterprise resiliency testing often takes place in siloed environments by different teams, each with a different focus, making it difficult to manage infrastructure changes in a unified, strategic way.
• Redundant, inefficient processes: Separate teams performing tests in multiple labs can hamper efficiency.
• Slow, manual test cycles: Manually created test cases and sporadic testing can take months, making it difficult to keep pace with changes and increasing the risk of incidents and outages.
• Lack of automation: Traditional testing methodologies are not integrated into a continuous integration/continuous delivery (CI/CD) pipeline, making it challenging to validate changes seamlessly.
• Limited test scope: Most current testing approaches are narrow in coverage, focusing only on validation of discrete functions, without considering other critical factors like performance and resilience under changing loads, evolving security threats, and other dynamic conditions.

Today’s complex, fast-changing enterprise networks require new tools to efficiently and cost-effectively test the resilience of today’s test loads at scale.

Automating for improved resiliency

How can organisations put themselves on a path to operational resiliency? A strategy based on test process automation is essential. Automation empowers organisations to support the speed, scale, and accuracy that complex distributed enterprises demand.

Automation also lets organisations test multiple scenarios continuously. This is critical because a robust approach to operational resiliency should support continuous testing, from lab environments to live deployments.

In a complex supply chain, even a small change in the network could disrupt operations. Changes should be tested automatically, considering the full context and variables of the entire network and its traffic, before being deployed to production.

Most traditional testing technologies and scripts aren’t designed to evaluate network resilience, so specialised tools like emulators and digital twins will be required. Emulators enable IT to vary test traffic, without the time and expense needed to create a test network in a lab. Digital twins also facilitate testing by simulating real-world scenarios to test operational resilience accurately.

Choosing the right platform is critical. A modern operational test platform should:

1. Fully automate end-to-end delivery through design, certification, and deployment
2. Replicate real-world challenges and scenarios to test and minimise risk accurately
3. Provide resilience and non-functional testing
4. Test continuously to reduce outages
5. Speed certification of software updates and patches to accelerate deployment
6. Enable consistent deployment and validation to maximise quality

Applying the AI advantage

AI is unlocking exciting outcomes across every industry, and resilience testing is a powerful showcase for its capabilities. As part of an automated, continuous testing solution, AI can deliver major benefits for financial services companies. It can enhance efficiency by making more innovative test selections, to help organisations determine the best test cases to run in a specific change or situation.

The technology can also accelerate root cause analysis by quickly identifying the exact cause of failures. It can communicate the cause of issues and associated context, such as logs, to technicians, to minimise mean-time-to-repair. To further mitigate risk, AI can also apply insights to predict future failure patterns before they happen.

Minimising risk and enabling innovation

Financial services remain a competitive, fast-moving market environment where minimising risk is paramount. By adopting a strategy of automated, proactive, continuous operational resilience testing, financial services firms can mitigate risk, meet their compliance mandates, and maximise business continuity. They can also sharpen their competitive edge, freeing their IT teams to work more efficiently, innovate faster, and deliver new products, services, and value to their customers.