Citadel Security Software Case Study Company Name: Bank of Alameda Citadel Solutions: Hercules® Background The Bank of Alameda (the Bank) services were introduced that allowed commenced operations in March 1998, access to the network from the outside, the and its main office is in Alameda, across Bank was prepared with perimeter network the Bay from the City of San Francisco. security, but the CIO knew he had to take Founded by a group of local business further steps to ensure a secure network. professionals and long-time residents The challenge was how to protect the spent remediating from the City of Alameda and Alameda Bank’s network from attacks that occurred vulnerabilities County, the Bank is committed to ROI: A 10:1 savings of time from the outside as well as the adding value through a high inside. An employee might level of personal and bring a disk from home that had professional attention. As a community-based bank, it promotes a virus on it and inadvertently infect the entire network. And no matter relationship banking via communication how vigilant the perimeter security is, there between employees and the customer, and is always the chance that a vulnerability on a strives to provide a level of service not seen device could be exploited from the outside. with large regional or national institutions. An additional challenge was to maintain a secure network during the Bank’s growth Challenge From the beginning, the Bank has same. Patching the servers was a job that implemented high levels of security, going was doable with the current information beyond what a bank its size is requested technology (IT) staff, but remediating the to do to meet its customers’ needs or is vulnerabilities on all the workstations in all required to do by the FDIC. The Bank has the branches was a time-consuming and always been in the forefront of security costly task. The Bank was outsourcing measures, even installing firewalls and vulnerability assessment, but without intrusion detection systems before it was a remediation process, the information common for banks to do so. Therefore, provided about vulnerabilities was useless. when new Internet and phone banking www.citadel.com period, while the staff size remained the Solution Results The Bank needed an enterprise-wide The Bank has been able to bring vulnerability management solution that vulnerability management in-house, not only scanned for all five classes of reducing the cost and time to perform vulnerabilities but also eliminated them. vulnerability remediation. No additional The answer to the challenge was an staff has been required, so the solution has automated vulnerability assessment provided a positive return on investment. and remediation solution that repaired Also, reports that are generated by Hercules vulnerabilities and at the same time demonstrate to external auditors how the enforced security policies. The Bank chose Bank is repairing their vulnerabilities to Retina from eEye Digital Security for secure their network and protect their vulnerability assessment and Citadel’s customers’ confidential information. Overall, Hercules® technology for vulnerability the Bank’s network security risk posture remediation. The Hercules and Retina is improved, future audits will be easy to products are seamlessly integrated to endure and the CIO has peace of mind. ® ® provide a fully automated solution that is running successfully at the Bank. In the first week, the Bank identified 671 Citadel Security Software vulnerabilities across their environment Please visit our website at www.citadel.com, which they deemed critical. Using or phone 1-888-8Citadel. Hercules, they were able to completely eliminate all 671 vulnerabilities in only Sales Inquiries six hours. Without Hercules, it would have [email protected] taken at least 60 hours, not including travel time to each location, and disruption of each person’s workflow for at least an hour while the remediation was being performed. That’s a 10:1 savings of time spent remediating vulnerabilities. Hercules is a registered trademark of Citadel Security Software Inc. ©2003-2004 Citadel Security Software Inc. All rights reserved. This document cannot, in whole or part, be copied, photographed, reproduced, translated or reduced to any electronic medium or machine-readable form without prior written consent from Citadel Security Software Inc.