Insurance Vulnerability scanning patch management and auditing solution

Background Information

The Client is wholly-owned by The Client’s banking and financial group under a conglomerate.  The company controls 14 listed companies involved in the financial services, manufacturing, distribution, property and infrastructure development. The group’s shares are listed on stock exchanges of Malaysia, Singapore, Hong Kong, Manila and Europe. It has a business in General Insurance and Life Insurance at the time during the project.

Previously their IT security unit used an open source and separate manual tool for network vulnerability scanning, patch management and software auditing for the vulnerability assessment and reporting purpose. It is highly inefficient and ineffective due to intensive manual operation required. All the parties involved take note that it is much better to implement an automated and integrated network vulnerability scanner, patch manager and software auditing software for the operation to generate standard and consistent reports that are easy to compare across the time period and prevent human error in the scan, patch and audit process.

Solution Overview

Proposed solutions include integrated network security scanner that provide network vulnerability scanning, patch management and software auditing functionality required and subscribed for ongoing software update subscription and local product phone and email support service as a total solution package.

Solution Architecture

The proposed solution was used to check the client network for possible security vulnerabilities by scanning the entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more. With this information (displayed in customisable graphical reports), the client used it to easily lock down the network against hackers. It is also used to remotely deploy missing service packs and patches and custom/3rd party software and patches in applications and OS network-wide and perform patch auto-download and patch rollback. Furthermore, it was used to perform network and software auditing and management reporting and compliance purposes.

Solution Benefits

• Replace manual and open source network security vulnerability scanner, and replace with scanner that is capable of not just scanning and reporting vulnerabilities, and capable to deploy patches on demand and conduct software auditing for the internal auditing operation.
• Network security scanning, patching and auditing process automation. The proposed solution allows automate and schedule scanning to save administrators significant time by automating routine security scanning, patching and auditing operations with minimal human intervention.
• Deliver security benefits. It provides up-to-date vulnerabilities database, patch and service pack in a single solution.

E-SPIN value added services (VAS) engage for the project:

• Enterprise consultancy based on the project requirements and subsequent project supply and maintenance support during the project period.

We hope the case Insurance Vulnerability scanning patch management and auditing solution, will help for those who are looking for the solution with similar context. Feel free to contact E-SPIN for your project requirements and discussion session, we see what we can duplicate the project success to your unique case.