Bank aims to link scanning and patching

News

Bank aims to link scanning and patching

Bill Goodwin
Standard Chartered Bank is developing technology to speed up and prioritise its patching processes, as pressure grows to protect systems from new vulnerabilities before hackers can exploit them.

The bank is concerned that the time between new vulnerabilities being discovered and hacking tools which exploit them appearing on the internet has fallen from weeks to hours, leaving IT systems more exposed than ever.

Standard Chartered is developing a security system that will combine risk analysis of its networks and software with vulnerability scanning, allowing it to prioritise patching to the most business-critical systems.

The system, which it hopes to have in place by the end of the year, will eventually model the behaviour of security threats, such as worms and denial of service attacks. It will automatically identify which systems are likely to be most vulnerable when a new threat appears.

Standard Chartered has spent the past 12 months developing a risk database, dubbed "Riskwise", to build up a profile of the risks associated with each new software development.

The database covers 50 of the bank's 450 applications and it will be extended to cover the remaining legacy systems by the middle of next year, said John Meakin, group head of information security at the bank.

Standard Chartered plans to integrate the database with its Qualsys vulnerability scanning system to create a system capable of identifying vulnerabilities and prioritising repair work.

"We want to have a comprehensive picture of risk. When a zero-day attack comes along, you need that kind of modelling," said Meakin.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy