Large Banking Organization Enhances Their Information Security Posture

Financial Industry Security Challenges

Today, security has become more complex for the financial industry with the progression of technology and the move to the cloud. Identity and data theft are still on the rise, and data compliance regulations are still trailing behind the quickly moving threat landscape. The banking and financial services industry is heavily regulated, and those mandates are ever evolving. Waiting for a regulation to go into place to drive security innovation and fully secure the business is no longer an option if a financial institution wants to retain its customers’ trust, as well as gain a competitive edge.

Supply and demand doesn’t just affect tangible goods and services; it also affects the job market. The threat landscape moves at lightning speed, and keeping up with it is next to impossible if you don’t have the right strategy, people, processes, and cutting-edge technology in place. Organizations are finding it hard to achieve their security goals because the supply of highly qualified security experts is low and the demand is astronomically high.

Financial institutions rely on third-party vendors to help them accomplish particular security goals, such as protecting websites or operational software. Our client’s Information Security Officer (ISO) shared, “Relying on third-party service providers is becoming more and more of a necessity. While this takes the responsibility somewhat off of the institution, it still requires intensive due diligence and risk management of these providers. No one wants to be a Target or Home Depot.”

Compliance mandates can’t keep ahead of the threats, and security leaders struggle with what to do in the meantime.

Solution

According to the bank’s ISO, “Initially, I needed to get the lay-of-the-land and find out where we were susceptible to an attack so we could prioritize what technology to invest in upgrading or replacing first. Knowing our vulnerabilities and managing them to protect our infrastructure from being hacked was key to building an innovative, cutting-edge foundation our customers deserved.

This was 10 years ago so we needed the best product for the best value and price starting out. The more success I was able to prove, the more budget I was able to get to continue to implement new security solutions. It was evident at that time we would need to constantly innovate to try to stay ahead of new threats, and of course that still rings true today.”

As this financial institution was selecting a vendor, they had a set of criteria. They wanted:

  • A partner and someone proven and trusted in the industry already.
  • Solid tech but also great service because this was going to be a marathon, not a sprint, to ensure everything was the best of the best within their budget.
  • Clear, automated reporting that could be easily presented at a detailed or high level to the board and C-levels in order to explain their security story’s bottom line.
  • A managed service to cover all the bases while they grew the team.
  • Solid technology that was dependable, reliable, constantly innovating and cutting-edge, as chasing down false positives would slow them down from reaching their security goals.
  • Robust, user-friendly technology that wasn’t just a scanner but actually part of the bigger vulnerability management picture.
  • A personal touch with advisory partnerships so they could have guidance as they constructed the security program.
  • A one-stop-shop for vulnerability management, penetration testing and social engineering to identify risks.
  • Time to value. In the beginning, there wasn’t a big budget and they needed to crawl before they could run. The ISO needed a solution that could help create benchmarking, establish KPIs for success, and show overall value quickly.

“What’s great is that 10 years later, I’m still pleased with the decision to go with Fortra Vulnerability Management.”

Vulnerability Scanning – As a Managed Security Service, Fortra VM provides the same industry leading vulnerability scanning solution subscription as Fortra Advanced Vulnerability Scanner, but adds a Personal Security Analyst (PSA) to help lift the burden of vulnerability management.

Social Engineering – Fortra Social Test creates conditions and scenarios that lure personnel into engagement – just as if driven by a crafty cyber attacker. Techniques can include phishing calls, targeted emails, and more. Findings are used to educate employees on how to become more astute at discerning legitimate human engagement from trickery.

Internal and External Penetration (Pen) Testing – Performed by trained and certified security analysts, our ethical hackers utilize proven penetration testing methodology and industry best practices to get into the mind of a malicious hacker to find weaknesses the way they do. Our pen tests provide clarity around which vulnerabilities are truly exploitable, and which ones could lead to critical data compromise.

Results

Their ISO shared, “What is great is that 10 years later, I’m still pleased with the decision to go with Fortra. The relationships I have with the people in their organization are strong, and their solutions and guidance help me stay successful in my role by protecting our organization’s customers. Fortra helps me measure my overall risk and where I should focus remediation efforts, with the benefit from clear, easy-to-understand reports.

I’ve worked with other vulnerability management vendors in the past, but Fortra has remained tried and true. They have continued to meet our evolving criteria and know my company’s needs well to help us see what is coming on the threat horizon. Fortra aids me in continuing to strengthen my security posture. Not to mention, the proof is there when I have to attest compliance to examiners. Their solution is superior to others I’ve used and they continue to commit to making it better.”

Solution Spotlight

Our market leading platform’s key features include:

  • Fully and seamlessly integrated with Fortra RNA™ – the industry’s most thorough and accurate vulnerability scanner.
  • Advanced filtering of recurring scans to easily identify new risk areas.
  • Robust reporting with clear, actionable remediation guidance.
  • Fortra Security GPA® – a unique but simple security rating scorecard that reflects each and every improvement – with an appropriate ‘relative’ score – as vulnerabilities are assessed and active remediation is performed. Unlike other vulnerability scoring algorithms, Security GPA takes into consideration whether a scanned device is an iPhone, a Domain Controller, etc. – and then rates them accordingly.
  • Integrated compliance auditing.
  • Patented endpoint scanning correlation that eliminates “network drift”.
  • Lightweight, agentless scanning minimizes network and endpoint footprint.
  • Industry-leading customer support lauded by clients for its responsiveness, expertise, and professionalism. Needs are met from the get-go and throughout the life of the relationship.