Citadel Security
Software
Case Study
Company Name:
Bank of Alameda
Citadel Solutions:
Hercules®
Background
The Bank of Alameda (the Bank)
services were introduced that allowed
commenced operations in March 1998,
access to the network from the outside, the
and its main office is in Alameda, across
Bank was prepared with perimeter network
the Bay from the City of San Francisco.
security, but the CIO knew he had to take
Founded by a group of local business
further steps to ensure a secure network.
professionals and long-time residents
The challenge was how to protect the
spent remediating
from the City of Alameda and Alameda
Bank’s network from attacks that occurred
vulnerabilities
County, the Bank is committed to
ROI:
A 10:1 savings of time
from the outside as well as the
adding value through a high
inside. An employee might
level of personal and
bring a disk from home that had
professional attention. As a
community-based bank, it promotes
a virus on it and inadvertently
infect the entire network. And no matter
relationship banking via communication
how vigilant the perimeter security is, there
between employees and the customer, and
is always the chance that a vulnerability on a
strives to provide a level of service not seen
device could be exploited from the outside.
with large regional or national institutions.
An additional challenge was to maintain a
secure network during the Bank’s growth
Challenge
From the beginning, the Bank has
same. Patching the servers was a job that
implemented high levels of security, going
was doable with the current information
beyond what a bank its size is requested
technology (IT) staff, but remediating the
to do to meet its customers’ needs or is
vulnerabilities on all the workstations in all
required to do by the FDIC. The Bank has
the branches was a time-consuming and
always been in the forefront of security
costly task. The Bank was outsourcing
measures, even installing firewalls and
vulnerability assessment, but without
intrusion detection systems before it was
a remediation process, the information
common for banks to do so. Therefore,
provided about vulnerabilities was useless.
when new Internet and phone banking
www.citadel.com
period, while the staff size remained the
Solution
Results
The Bank needed an enterprise-wide
The Bank has been able to bring
vulnerability management solution that
vulnerability management in-house,
not only scanned for all five classes of
reducing the cost and time to perform
vulnerabilities but also eliminated them.
vulnerability remediation. No additional
The answer to the challenge was an
staff has been required, so the solution has
automated vulnerability assessment
provided a positive return on investment.
and remediation solution that repaired
Also, reports that are generated by Hercules
vulnerabilities and at the same time
demonstrate to external auditors how the
enforced security policies. The Bank chose
Bank is repairing their vulnerabilities to
Retina from eEye Digital Security for
secure their network and protect their
vulnerability assessment and Citadel’s
customers’ confidential information. Overall,
Hercules® technology for vulnerability
the Bank’s network security risk posture
remediation. The Hercules and Retina
is improved, future audits will be easy to
products are seamlessly integrated to
endure and the CIO has peace of mind.
®
®
provide a fully automated solution that
is running successfully at the Bank. In
the first week, the Bank identified 671
Citadel Security Software
vulnerabilities across their environment
Please visit our website at www.citadel.com,
which they deemed critical. Using
or phone 1-888-8Citadel.
Hercules, they were able to completely
eliminate all 671 vulnerabilities in only
Sales Inquiries
six hours. Without Hercules, it would have
sales@citadel.com
taken at least 60 hours, not including travel
time to each location, and disruption of
each person’s workflow for at least an
hour while the remediation was being
performed. That’s a 10:1 savings of
time spent remediating vulnerabilities.
Hercules is a registered trademark of Citadel Security Software Inc. ©2003-2004 Citadel Security Software Inc.
All rights reserved. This document cannot, in whole or part, be copied, photographed, reproduced, translated
or reduced to any electronic medium or machine-readable form without prior written consent from Citadel Security Software Inc.