Global bank strengthens cyber security
TCS enables robust threat modeling, secure development, and comprehensive risk assessment.
Challenge
US-based lender strives to mitigate IT risk across the banking value chain.
The global banking giant wanted to protect itself from rising cyber-attacks and data theft in the industry by building advanced end-to-end cyber security capabilities. They aimed to close security gaps early on in the application lifecycle by focusing on model-driven security. The existing vulnerability management tools couldn’t provide contextual security insights and required rule engine customization. The lender also wanted to review and optimize its application risk assessment framework to gain better visibility into the security status of its applications.
Solution
TCS develops customized threat modeling tool and overhauls security risk assessment system.
The bank partnered with TCS to adopt a proactive approach towards cyber security and vulnerability management. TCS designed a tailored, web-based threat modeling tool with an intuitive user interface. The tool was customized to meet the lender’s functional and scalability needs.
Further, we customized the existing code quality monitoring tool to enable early detection of security issues during the application lifecycle. TCS came up with secure coding rules and defect remediation guidelines, and trained application developers to acclimatize them to the new development framework.
We automated and standardized the information security risk assessment processes and developed a powerful algorithm to determine the risk ranking of various applications based on multi-factor analysis. The bank’s static application security testing (SAST) workflows were optimized and automated by integrating security scanners with workflow systems, integrated vulnerability dashboards and robust trend analytics.
Benefits
Leading bank streamlines application risk assessment and prevents financial cyber attacks.
Through this cyber security transformation initiative, the lender was able to ensure zero-defect code for secure applications, identify defects in early stages of the SDLC, and accelerate time to market for new applications.
Statistics
40%
IT risk management effort
50%
security issues reported
30%
application development time
100%
threat modeling tool coverage