[ISN] Bank aims to link scanning and patching

From: InfoSec News (isn@private)
Date: Tue May 04 2004 - 04:20:57 PDT

    http://www.computerweekly.com/articles/article.asp?liArticleID=130309
    
    By Bill Goodwin 
    Tuesday 4 May 2004 
    
    Standard Chartered Bank is developing technology to speed up and
    prioritise its patching processes, as pressure grows to protect
    systems from new vulnerabilities before hackers can exploit them.
    
    The bank is concerned that the time between new vulnerabilities being
    discovered and hacking tools which exploit them appearing on the
    internet has fallen from weeks to hours, leaving IT systems more
    exposed than ever.
    
    Standard Chartered is developing a security system that will combine
    risk analysis of its networks and software with vulnerability
    scanning, allowing it to prioritise patching to the most
    business-critical systems.
    
    The system, which it hopes to have in place by the end of the year,
    will eventually model the behaviour of security threats, such as worms
    and denial of service attacks. It will automatically identify which
    systems are likely to be most vulnerable when a new threat appears.
    
    Standard Chartered has spent the past 12 months developing a risk
    database, dubbed "Riskwise", to build up a profile of the risks
    associated with each new software development.
    
    The database covers 50 of the bank's 450 applications and it will be
    extended to cover the remaining legacy systems by the middle of next
    year, said John Meakin, group head of information security at the
    bank.
    
    Standard Chartered plans to integrate the database with its Qualys
    vulnerability scanning system to create a system capable of
    identifying vulnerabilities and prioritising repair work.
    
    "We want to have a comprehensive picture of risk. When a zero-day
    attack comes along, you need that kind of modelling," said Meakin.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    


