Can an intranet keep a bank's mission-critical networks up and running? At Bank of America, that's the internal pipeline's newest task.
With the help of eSecurityOnline.com, a Kansas City, Mo.-based ASP, BofA has developed a cost-effective way to help shrink security threats. The $680billion bank has subscribed to eSecurityOnline's Online Vulnerability Service (OVS), which acts like an immune system for the network-identifying vulnerabilities and providing patches to fix them before they become a problem. IT personnel access OVS through the bank's intranet, where an icon takes users directly to a password-protected monitoring system.
"With OVS, we have a single source of information through a portal where all data is aggregated for us," said Rhonda MacLean, senior vice president and director of information protection for Bank of America, Charlotte, N.C. Since going live with the service in July, BofA has streamlined its view of risk applications in a cost-effective manner, MacLean said.
The service provides a central repository for all security-related information, replacing the hundreds of alerts from multiple sources-many of them irrelevant or redundant-that used to plague the IS staff.
"We are no longer inundated with redundant data, and the portal also recommends and provides patches and solutions for risks in our system. This insures that we can address and protect any applications or operations that may be under duress," said MacLean.
The OVS relies on a knowledge base containing more than 2,400 vulnerabilities and solutions for guarding against intrusion and information exploitation. On average, eSecurityOnline's technical staff uncovers up to four new vulnerabilities daily and provides users with a correction patch that's also stored in the repository. "All vulnerabilities are listed by priority based on their risk factor," said Ken Hammond, vice president of business development for eSecurityOnline.com, a spinoff of Ernst & Young.
IT personnel have the option of accepting the patch and continuing mitigation or, if the vulnerability is less severe, of delaying mitigation and adding an alert to the system recommending that the patch be installed at a later date. This aids in reports that show all tasks that are addressed and those that are still pending, Hammond noted.
The number of e-banking customers is expected to triple to 40 million by 2003, Hammond said. That's good news for firms like eSecurityOnline. "This rapid growth is adding transactions, direct access to account information and the funds themselves. Banks need to find ways to harden their security posture enterprise-wide."
The service is just one weapon in BofA's arsenal against security breaches, MacLean said. "The knowledge base is a strong tool for us, but we need to remember that it's not a silver bullet. It most definitely is one bullet in our weaponry and our entire line of defense."
"As we evolve, this system will help us to keep up with the pace and velocity of change in our industry's technology," she added. "Being proactive in protecting our systems lets us focus on what we do well-offering products and servicing our customers."
Pricing on OVS starts at $5,000 for a single user.