TechTarget

Bank aims to link scanning and patching

Standard Chartered Bank is developing technology to speed up and prioritise its patching processes, as pressure grows to protect...

Standard Chartered Bank is developing technology to speed up and prioritise its patching processes, as pressure grows to protect systems from new vulnerabilities before hackers can exploit them.

The bank is concerned that the time between new vulnerabilities being discovered and hacking tools which exploit them appearing on the internet has fallen from weeks to hours, leaving IT systems more exposed than ever.

Standard Chartered is developing a security system that will combine risk analysis of its networks and software with vulnerability scanning, allowing it to prioritise patching to the most business-critical systems.

The system, which it hopes to have in place by the end of the year, will eventually model the behaviour of security threats, such as worms and denial of service attacks. It will automatically identify which systems are likely to be most vulnerable when a new threat appears.

Standard Chartered has spent the past 12 months developing a risk database, dubbed "Riskwise", to build up a profile of the risks associated with each new software development.

The database covers 50 of the bank's 450 applications and it will be extended to cover the remaining legacy systems by the middle of next year, said John Meakin, group head of information security at the bank.

Standard Chartered plans to integrate the database with its Qualsys vulnerability scanning system to create a system capable of identifying vulnerabilities and prioritising repair work.

"We want to have a comprehensive picture of risk. When a zero-day attack comes along, you need that kind of modelling," said Meakin.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close