http://www.computerweekly.com/articles/article.asp?liArticleID=130309 By Bill Goodwin Tuesday 4 May 2004 Standard Chartered Bank is developing technology to speed up and prioritise its patching processes, as pressure grows to protect systems from new vulnerabilities before hackers can exploit them. The bank is concerned that the time between new vulnerabilities being discovered and hacking tools which exploit them appearing on the internet has fallen from weeks to hours, leaving IT systems more exposed than ever. Standard Chartered is developing a security system that will combine risk analysis of its networks and software with vulnerability scanning, allowing it to prioritise patching to the most business-critical systems. The system, which it hopes to have in place by the end of the year, will eventually model the behaviour of security threats, such as worms and denial of service attacks. It will automatically identify which systems are likely to be most vulnerable when a new threat appears. Standard Chartered has spent the past 12 months developing a risk database, dubbed "Riskwise", to build up a profile of the risks associated with each new software development. The database covers 50 of the bank's 450 applications and it will be extended to cover the remaining legacy systems by the middle of next year, said John Meakin, group head of information security at the bank. Standard Chartered plans to integrate the database with its Qualsys vulnerability scanning system to create a system capable of identifying vulnerabilities and prioritising repair work. "We want to have a comprehensive picture of risk. When a zero-day attack comes along, you need that kind of modelling," said Meakin. _________________________________________ ISN mailing list Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Tue May 04 2004 - 06:59:16 PDT