Over the past two years the bank has developed a risk profile for the applications it runs across its network using Riskwise, a tool developed in-house that allows it to prioritise which IT systems to patch first when a security notice is issued.
It is now using Riskwise in conjunction with a vulnerability scanning service from Qualys. The supplier monitors the bank's networks and reports misconfigured IT systems that could be exploited by a hacker.
This feedback allows Standard Chartered Bank to continuously assess whether an application could be attacked and update its risk profile, and so prioritise patching.
With more than 30,000 desktop PCs and 2,500 servers at the bank, John Meakin, global head of information security at Standard Chartered, has to decide each time a new security alert is issued whether to dedicate his entire team to patching all machines, or to patch over a longer period and remain open to the risk.
"We would like to discover with Qualys whether there are problems with configurations and feed this back into an updated map of the risk that is present on the network," he said.