Rapid Security Assessment to Improve Bank’s Infrastructure and Optimize Vulnerability Management Processes2 May
A large banking institution with over 50 branches on the east cost, contacted Neovera to assess their current security architecture. They sought to increase their security posture by optimizing vulnerability and patch management processes.
When the bank first approached Neovera, it was discovered that they were faced with staffing gaps coupled with immature vulnerability management processes and inadequate tools. This resulted in a significant backlog of vulnerabilities. The bank planned to address this backlog and achieve a steady state of minimal to no outstanding vulnerabilities. The idea was via refinement and adoption of a mature vulnerability management and patching program integrated with the overarching IT enterprise architecture roadmap including IT service management tools (e.g., ServiceNow), and ITIL process best practices.
To achieve this goal, Neovera was asked to collaborate with the Senior IT Leadership and Security Team to refine and prioritize scope, skillsets and level of effort, and to develop RACI diagrams supporting a Vulnerability and Patch Management Program.
Once Neovera completed a thorough assessment in conjunction with the bank’s internal team, it was determined that multiple contributing factors were identified across the people, process, and technology domains.
Neovera recommended addressing immediate needs including implementing a 24×7 cross-functional vulnerability and remediation team, a CMDB, centralized tracking of vulnerabilities and patching, developing a simplified IT ecosystem, and adding additional staffing across the bank’s technology landscape.
To address the findings from the assessment, Neovera recommended establishing a multi-layered response that included three key components:
- Cross-Discipline Technical Process & Design IT PMO & Architecture Team
- Vulnerability & Patch Management Program
- 24×7 Cross-Functional Vulnerability & Remediation Team