For hackers and other threat actors, this global banking giant is a whale of a target: thousands of employees, with many working remotely; hundreds of locations worldwide; multiple data centers; and more than 1,000 mission-critical applications.
Until a few years ago, the bank had augmented the cybersecurity expertise of its internal Computer Emergency Response Team (CERT) with outsourced monitoring of its firewalls, intrusion detection, vulnerability management and log retention. But the process by which security alerts were handled was deficient. It involved a third party, which would dispatch an alert to a regional data officer. This person would assign the alert to an asset owner, who often lacked the security expertise needed to properly address the intrusion or security issue. These hand-offs took time and could involve miscommunications, leaving potentially disruptive matters to do more damage.
In 2013, an outside consultant to the bank carefully analysed its security requirements and found the internal security team to be insufficient in size for the global scope of its operations. In response to this report, the bank issued a tender for engaging a qualified cybersecurity provider able to provide managed security services globally. The winning candidate would also have to field a team of security experts who could work from inside the bank’s organisation — as a SecureWorks Cyber Threat Operations Center (CTOC) — in close collaboration with its CERT team.
Read the case study to find out more.