TARA Client Success

Targeting Evolving Risk at Independent Bank

The Challenge

Banks and Credit Unions are subject to regulations that require them to conduct ongoing network vulnerability scans.

Third party audits are also an integral part of the process as they are used to validate compliance with the defined requirements. Most audits evaluate mitigation practices for vulnerabilities CVSS ranked as Critical and High but generally exclude those classified as Medium and Low. The challenge with this approach is that cyber risk is associated with all levels of vulnerabilities and with limited resources, most organizations struggle with understanding which vulnerabilities they should fix.

Jim McLarty, VP of Cyber and Information Security, at Independent Bank was concerned about the risk associated with all vulnerabilities…not just those being audited. He wanted a solution to prioritize mitigation activities based on real-world risk.

The Solution

Leveraging threat intelligence and predicting the potential impact.

Through ongoing security audits and penetration testing exercises with Plante Moran, Jim understood the impact even minor security gaps could have on Independent Bank. As he searched for a risk-based vulnerability management solution, TARA was an obvious choice as it could ingest existing scan data and deliver a risk context.

To meet the needs of Independent Bank, TARA leverages threat intelligence from the dark web and applies machine learning to predict the potential impact each vulnerability will have on the environment.

The Benefit

Independent Bank addressed their concerns with TARA deployment.

It’s no secret that evolving cyber risk puts any business in jeopardy. Independent Bank addressed their concerns and solved several challenges with the TARA deployment:

  • Remediated high risk vulnerabilities that would have been overlooked using an audit-focused remediation approach
  • Reduced mitigation lead time by prioritizing patching activities based on actual risk
  • Created a sustainable balance between audit requirements and overall risk management