Ensuring IT Security Through Patching at a Major Bank
How do security breaches happen? Often, they occur when malware finds an opening in software that was not updated – and that’s where patching comes in. Patches are software updates designed to close those openings to computer viruses and other security threats.
For a busy IT executive working long hours on high-priority projects, it can be easy to postpone the regular, necessary, routine activity of applying patches. Making time in a busy schedule to do updates may seem like a bother: something that takes time away from more important activities. But what is more important than protecting the vital computer assets you rely on for your company’s mission-critical activities?
The CTO of security at a major investment and corporate bank had this exact problem. Faced with multiple competing priorities, he wanted to ensure that regular, on-time patching of the bank’s IT assets was taking place at every branch, location, and endpoint. To remedy the situation, he turned to experts at SoHo Dragon, a vendor the bank was already working with.
The SoHo team had a huge task ahead. The job involves monitoring multiple assets, including Windows servers – for CPU, RAM, disk load, and services – as well as daily health checks of messaging solutions, email, and directories across 1,500 servers and 4,000 virtual desktops. The team took a holistic look at all aspects of the bank’s IT infrastructure to determine what needed regular updates and which assets, if any, could not be updated and were slated to be retired. To ensure that scheduled patches would be applied, they put in place a process to monitor, manage, schedule, and apply updates as required. Various solutions are used to monitor and schedule patching, such as Microsoft System Center Configuration Manager (SCCM), Proofpoint for email, OpsRamp for monitoring, and more. With personnel located in Lithuania and India, SoHo can accommodate work schedules and assign updates to take place on weekends to avoid interruptions to bank business.
Monitoring for malware and patching must be ongoing to be effective. With a system in place, the SoHo team continues to manage the security of the bank’s IT assets to guard against intrusions, and the progress so far has been good. At the inception of the project, 10-15% of servers tested were missing required patches. Working closely with bank personnel, the SoHo team reduced failures to 2% and is fast approaching a rate of 0%.
Compliance & Security
M365, Windows, SCCM, Proofpoint, OpsRamp
Set up a process to monitor, manage, and schedule updates
Security vastly enhanced