Vulnerability Assessment Software Upgrade Lets CUs Control Scans
Credit unions can immediately get their hands on vulnerability assessment data and can control network scanning with last week's general release of Frontline 3.0, a subscription-based vulnerability management service offered by Digital Defense, Inc.
"Digital Defense has put the power into the customer's hands," said MaryAnne MacIntosh, Information Services security advisor at $700-million State Employees Credit Union of Michigan (SECU).
The Digital Defense upgrade was crafted largely in response to credit union requests, said Joe Cooper, CEO at the San Antonio, Texas-based security firm. Most of Digital Defense's approximately 300 clients are credit unions.
"We focused on the usability of the system," said Cooper. "We figure that with increased usability comes increased use. And with increased use of the system, we can bring increased security."
SECU has employed Frontline every month for five years to scan for security holes in internal and external assets, including firewalls, routers, servers and networks across its 11 branches, said MacIntosh. In addition, SECU conducts an annual Frontline penetration test to simulate hacker activity, she said. The Frontline management portal allows users to identify as well as reconcile vulnerabilities.
Said SECU's MacIntosh: "I now get instantaneous information about all vulnerabilities, and I can schedule my own scans."
"Credit unions can set up their own testing on an on-demand, scheduled, or recurring basis," Cooper added. "Because the scan results are immediately available, a client working on the weekend can employ the results right away."
Prior to moving to Frontline 3.0 in April, MacIntosh had to wait for a Digital Defense analyst to deliver an analysis of each scan. "Now the scans are 100% automated. I can run the scan. I can see the scan. I don't have to wait for somebody."
MacIntosh can get an overall snapshot of SECU's network via the Active View feature, and then schedule scans according to recent installations or configuration changes.
Upper management can also easily get a view of the network's security condition with the new Frontline release, said MacIntosh.
"We wanted the system to be used by more than just IT people," Cooper explained. Executive-level reports offer a "risk-management view of the network," he said.
For example, CEOs might take a look at the system's Calendar View, which presents the scanning schedule according to IP address, vulnerability and date, he said.
In addition, the Reconciliation Utility consolidates the scan results over time and produces a trend analysis, Cooper said. "That way, senior management can answer the question: Is the credit union getting more secure?"
SECU's IT Security Group of seven can fix vulnerabilities listed in a detailed system interface, whereas the CU's internal auditor can log in to executive summaries to conduct risk assessment, added MacIntosh.
MacIntosh said that the reporting functions are saving her time. "Every time I ran a scan with previous versions, it took me six hours to copy and paste the data into a Microsoft Excel spreadsheet for a meeting."
Frontline 3.0 reports can be viewed in HTML, or automatically exported to Adobe PDF or Microsoft Excel files.
Greater control over security vulnerabilities is added comfort as SECU completes a merger with Ottawa County School Employees CU, an $80-million, three-branch credit union based in Grand Haven, Mich., said MacIntosh.
"During the merger, we don't have to wait for Digital Defense to secure our system every time we put a new entity on the network," she said.
The Digital Defense team of security analysts provides up-to-date vulnerability analysis that is integrated into the Frontline 3.0 platform. Credit unions can scan their networks as often as every hour, with subscription services starting at $395 per month.
For more info on this story:
* SECU of Michigan at www.secu.org.
* Digital Defense at www.digitaldefense.net.