Securing Icelands largest bank from scanning to business risk management
Landsbankinn (literally "the national bank") is an Icelandic bank headquartered in Reykjavík. It is one of the largest banks in Iceland and the history of its predecessor goes back to 1885.
Industry: Banking Employees: 1200 Customer Since: 2014
Products: SWAT, OUTSCAN, Professional Services, Red / Blue Team Exercises
What is important to focus on when you are choosing a vulnerability management tool?
We needed to ensure our new vulnerability management program was reliable. In our evaluation, we found differences in simplicity, quality, and human factors that could have a big impact in reliability of results.
What issues needed to be solved?
We were interested in establishing a vulnerability management program. We needed to address security threats and compliance, but also wanted to understand how existing vulnerabilities could be used against us in any kind of attack. We were interested in the efficiency of moving from vulnerability identification to resolution through patching.
Why did you choose Outpost24?
When Landsbankinn thoroughly evaluated Outpost24 for the essential activities, we gave priorities within the frameworks that were up to date and continuously secure. Additionally, the solution had to address our compliance requirements.
Advancement to becoming a mature security organisation
Landsbankinn is a great example of a financial organisation taking the shift in focus from reactive to proactive security measures.
The introduction of a continuous process of vulnerability detection and enablement of reporting security process to management provided an internal proces for documented and formal operational security strategy towards more scale and automation.
The vulnerability management solutions provided by Outpost24 were a big part of the enterprise security technology architecture with emphasis on prevention, detection and response.
“We needed to get a true picture of our vulnerabilities if we wanted to eradicate them and have a secure environment.”
How did you prepare for adapting a vulnerability management program?
Since we already had a vulnerability management software in place, it was more of replacing the existing technology and collaborating with Outpost24. This is where Outpost24’s knowledge was a real asset during the testing phase, which in turn made the transition a smooth process.
”In our evaluation of the different major vendors and tools, Outpost24 came to our notice when reading about their then recently launched web application security tool, SWAT, a hybrid of manual pen-testing and an automated scanner - basically a product we did not know existed. Our focus was to find an upgraded solution as a top-level goal of becoming a frontier of peers securing our customers and business. We acknowledge that security is a part of the business we do - so why not go for the best.”
How does Outpost24 fit within IT Security setup?
Outpost24 has a great depth of knowledge about security topics. Their willingness to share this knowledge has been a major benefit for our team to improve our programs and security posture, which is why we began an educational Red Team Exercise.
What are the main benefits Landsbankinn has experienced from using Outpost24’s solutions?
When we installed Outpost24 in our application environment, our security operations team really appreciated the ease of use of this tool, its speed to perform scans, and the flexibility to match of internal process.
What lessons would you suggest to others planning to invest in vulnerability management?
There are various aspects that need to be taken into consideration. For example, finding a reliable partner that is willing to share experiences with you is key. Also, a solution that integrates well within your current processes and procedures. And lastly, having an approach that brings results and reports that you can fully trust is vitally important.
Which benefits has your vulnerability management program brought to you?
We have had challenges in explaining the vulnerabilities to our developers. Working with Outpost24 has simplified the task of convincing them to close the gaps.