Case Study
Multinational bank reduced security issues by 67% with streamlined infrastructure patching
OUR CLIENT
With origins dating back more than a century, this bank has evolved from a local credit agency to one of Europe's leading lenders. The company has operations in more than 200 countries and generates approximately £500 million annually.
THE CHALLENGE
Disorganized security update processes led to gaps in patching coverage
The bank’s in-house security team struggled to manage IT infrastructure security patches. Because the team didn’t have strong governance processes, especially to track exceptions and exempt assets, haphazard security patching processes left some infrastructure vulnerable to security breaches. Meanwhile, when the IT team unexpectedly changed the infrastructure environment without documentation, the security team couldn't identify and prioritize updates easily.
THE TRANSFORMATION
Meticulous assessment and asset inventory informed design of new security patching processes
UST conducted an infrastructure asset inventory and thoroughly analyzed the bank’s security patching processes and infrastructure coverage. Armed with that information, UST compiled a detailed report outlining gaps and provided a mitigation plan to resolve the issues. Our security experts worked with company stakeholders to measure vulnerabilities accurately, define an end-to-end vulnerability management lifecycle process, and implement policies to manage patches and security exceptions. To support the new governance policies, UST also tagged every asset in the bank’s infrastructure estate to ensure the items were included in the new patching program. With new vulnerabilities identified, the internal security team has successfully mitigated the risks by following the new security patching processes.
THE IMPACT
New security patching governance policy eliminated vulnerabilities by 67%
With the new processes in place, the security team achieved these results:
- 67%—reduction in overall vulnerabilities through continuous remediation
- 57%—improvement patch compliance
- <1%—patching exceptions thanks to the new management protocols
RESOURCES
https://www.ust.com/en/industries/financial-services
https://www.ust.com/en/what-we-do/digital-transformation
https://www.ust.com/en/what-we-do/strategy-implementation-operations