Case Study: How a Global Bank Visualizes Cybersecurity Risk with Tripwire® Connect

Vault door with binary code

Industry:Financial

Headcount:88,500

Customer Since:2005

Solution:Tripwire® Enterprise, Tripwire IP360, Tripwire Configuration Compliance Manager, Tripwire Connect

As a major institution that’s been in business for more than 150 years, this bank is no stranger to adapting to changing technology. They bring reliable personal, business and investment banking to 25 million customers worldwide. With a footprint of this size, it’s difficult to achieve satisfactory visibility across complex IT systems.

Challenge: Tedious Manual Dashboards

Before finding their solution in Tripwire, the bank used a manual dashboarding system as their primary source for understanding their overall risk from both SCM and VM data.

As this was their cybersecurity program’s key foundational control, it could not be done away with—but something definitely needed to change, since a number of looming technical and organizational issues made their DIY dashboards an unsustainable project.

    Organizational challenge:

    Like many large companies, this bank tracks risk across several disparate business units. Across the entire organization, each unit is responsible for a KPI requiring them to stay below a certain vulnerability score threshold and a minimum of security compliance for their assets. Their manual dashboards were a driver of determining this KPI, but presenting this data consistently and accurately was a drain on resources.

    Technical Challenge

    A common problem in IT results when a specific employee creates a customized system that functions well—but when that employee leaves the company, no one has the necessary wealth of knowledge to keep it running. This was the case for this bank’s customized dashboarding system after its creator’s retirement. The system was running old versions of Windows and databases along with a legacy UI framework. Someone well-versed in SQL had to build the custom reports, and it was not flexible for the growth of the organization. In addition, migrating to a distributed architecture meant their old dashboard could not keep up with the evolving set of data sources.

 

These challenges drove the bank’s decision to look for a commercial product with a modern, interactive interface to display the entire organization’s risk scores, including drill-down visibility into individual business units’ scores. Like many companies in the financial industry, it became necessary for this bank to access their total organizational cybersecurity picture within a single pane of glass.

Solution: Tripwire® Connect Dashboards

Tripwire Connect was the perfect upgrade from their previous manually-created dashboarding system. Because the bank was already relying on Tripwire Enterprise for SCM and Tripwire IP360 for VM, Tripwire Connect bridged both data streams with the option of side-by-side data for both security controls.

The bank began implementation through Tripwire’s early access program for nine months. Tripwire’s flexible, unlimited licensing also simplified the process by packaging Tripwire Connect along with the core solutions they already had in place, aiding in vendor consolidation and significant cost savings.

Tripwire Connect Screenshot

Results: Authoritative Source for Risk Visibility

Tripwire Connect consolidates data from multiple consoles to present a unified picture of the bank’s security posture. By viewing their Tripwire Enterprise and Tripwire IP360 data side by side, they can now evaluate the compliance posture of their assets, the changes to those systems, and the vulnerabilities discovered in their environment simultaneously.

In moving from a custom, in-house application to an enterprise-supported platform, this bank now benefits from a dashboard with rich data along with an updated user interface. Tripwire Connect also gives them the flexibility to customize specific reports and dashboards to meet the requests of their business units. They have even created their own customized summary risk scoring formula that they use based on a variety of factors including vulnerability risk and compliance posture. They also leverage individual dashboards within Tripwire Connect so each of their business lines can maintain visibility on their individual security KPI performance.

Visualize Your Risk with Tripwire Connect

Tripwire delivers the security and compliance solutions that give you a substantial advantage in today’s complex cyber threat landscape. Learn more about the benefits of customizable dashboards and reporting with Tripwire Connect today.