Growing virus threat prompts bank to outsource network security monitoring

Standard Chartered Bank is to bolster its defences against internet-borne viruses by outsourcing the monitoring and analysis of...

Standard Chartered Bank is to bolster its defences against internet-borne viruses by outsourcing the monitoring and analysis of its network and firewall traffic across 500 sites worldwide.

Security specialist NetSec will provide early warnings of hacking or virus attacks, a move the bank said would dramatically reduce threat response times.

A combination of increasing regulatory pressure and shortages of qualified security staff led Standard Chartered to opt for outsourcing.

John Meakin, group head of information security at the bank, said the three to five-year deal would allow Standard Chartered to reduce system downtime after virus attacks and make large savings on clean-up costs.

"The increase in worms and the increase in exposure of our systems to the internet means we have to do more monitoring just to have confidence that we remain secure," he said.

The bank decided to outsource when it became clear that IT staff were unable to analyse the increasing volume of data generated by a growing army of intrusion detection systems and firewalls effectively.

NetSec will initially analyse data feeds from 42 firewall and intrusion detection networks and provide management summaries to IT staff in the bank through a secure portal.

The firm will alert the bank to serious threats within four to six hours and provide help and advice on mitigating the threat if necessary.

Standard Charted plans to extend its security monitoring by hiring other security management firms to police links with stock exchanges, suppliers and customers.

It also has plans to improve detection of hacking and other suspicious activities by combining data from firewalls and intrusion detection systems with network and system configuration data.

The contract with NetSec is partly driven by the need to demonstrate to financial regulators that the bank's systems are secure, but it goes beyond current regulatory requirements, said Meakin.

Other financial services companies that outsource security monitoring include Lloyds TSB, JP Morgan, Bank One, Delaware Bank, and Putnam Investments.

Standard's IT and security

  • Range of platforms, including mainframes, Windows and Linux
  • Dragon intrusion detection systems supplied by Netegrity
  • Checkpoint, Netscreen and Sunscreen firewalls.

Read more on IT risk management