SAINT Case Study – University Federal Credit Union
Industry – Banking/Financial Services
University Federal Credit Union (UFCU), an Austin based Credit Union, uses SAINT® Integrated Vulnerability Assessment Management solution to implement centralized network vulnerability scanning and penetration testing
The Challenge – University Federal Credit Union (UFCU) has 13 branches throughout its enterprise. In a continuously changing network environment, which relies on software from multiple third-party vendors that must be able to interact seamlessly, managing the security posture of such an environment can be enormously challenging, and very costly in terms of time and resources. Additionally, systems must be secured in a timely manner, and without adverse impact on performance or availability. Selecting tools to provide support for vulnerability management and remediation of such an environment can be equally challenging. The tools must be capable of, not only providing a powerful solution for scanning, analysis, reporting and remediation support, but must do so with minimal impact on the environment and with easy implementation.
The Solution – UFCU selected SAINT products to meet this challenge. SAINT adds value to UFCU’s security program by providing enhanced vulnerability management capabilities. The vulnerability management portion of this program consists of regular network resources scanning to look for new vulnerabilities and exploits that are being discovered daily. Previously, much of this process was a manual effort to scan, remediate, and correlate trends. Now, UFCU uses a combination of SAINT’s SAINTbox™ appliance and SAINT’s integrated vulnerability, exploit, and reporting solution. UFCU can now assign specific tasks and access rights to various staff members, and execute their program using a holistic approach, while distributing task activities through the various functional areas of responsibility. This feature has been of great value to UFCU and directly contributed to reducing the total resource requirements in security management while meeting the overall objectives.
UFCU also needed to use the information collected from the scanning activities and collect evidence necessary to perform the necessary remediation. The level of information provided about vulnerabilities and how to remediate them varies by vendor, as well as different methods of classifying how critical the vulnerability is. SAINT provides a wide selection of resources to research vulnerabilities and, when available, can execute an exploit to lend credence to which vulnerabilities should be addressed first. The results of these exploits are invaluable in determining the impact of the vulnerabilities, and supporting our analysis and remediation processes.
UFCU also needed a robust and powerful reporting capability to support both in-house reporting and external compliance reporting requirements. UFCU uses SAINTwriter to produce important compliance and trend analysis reporting.
Conclusions – UFCU has been able to achieve their strategic goal of implementing centralized network vulnerability scanning and penetration testing.