Adding security patches to software is a "horror show," says Paula Chesbrough, senior vice president and IT director at Eagle Bank in Everett, Mass.
"You cannot do it during daytime hours when users are on the system because it requires a reboot," explains Chesbrough, adding that "sometimes patches conflict with other software."
Meeting Federal Requirements
Indeed, Microsoft Corp. (Redmond, Wash.) alone issues more than 200 patches annually. Since patch management is one of the practices that federal banking and insurance regulators look for, it's vital for banks to get their update processes in order.
In response, Chesbrough has deployed the latest functionality in network systems monitoring technology from SilverBack Technologies Inc. (Billerica, Mass.) Its patch management solution is designed to help mid-tier company IT staffs automate their vulnerability assessments and deploy the correct fixes.
Chesbrough notes that her IT department-consisting of herself, a network administrator and staff-can spend as much as 30 to 45 percent of their time documenting compliance to meet federally-mandated requirements. "We need to be able to demonstrate...that we have our customers' private data completely secured.
"SilverBack's latest patch management functionality enables us to proactively identify which Windows servers in our network can be exploited or threatened because of the absence of a critical Microsoft security patch, enabling us to address the issues before they become problematic," Chesbrough adds.
With the network system's monitoring technology, the IT staff can manage all of Eagle Bank's servers and PCs, either individually or as a group through a single platform. "You can see the health of everything," and can drill down to the "bulletin level of each patch" to examine vulnerability and determine whether or not a patch is required.
Chesbrough is not new to the SilverBack network monitoring system. She first began using it in December 2000, when Silverback was in its infancy. "I had been looking for a network management system for several years, but I could not find a single system that had all the components I was looking for," she says. When SilverBack called, she was "intrigued" with the technology it was developing because it provided a "single platform that looks at all the elements I was interested in."
Though it was a small company with about a dozen clients, she took a chance and the gamble has paid off. She estimates that the security requirements of the Gramm Leach-Bliley Act (GLBA) alone means she has saved "at least a person-and-a-half" in staff resources, thanks to the system. Today, SilverBack's security monitoring system provides a range of functionality, including: vulnerability scanning, intrusion monitoring, firewall monitoring, anti-virus alerting and patch management.
According to Chesbrough, SilverBack allows Eagle Bank to monitor everything from network performance to measuring RAM space and tracking the network's performance history. Furthermore, the software's alert function sends her a warning when certain thresholds are met. "Something might be going potentially wrong and you can focus on that thing before it goes wrong. There's a remedial aspect to it."
ENABLING HANDS-ON MANAGERS
She says it's a flexible system that is easy to maintain and she prefers that to using a third-party provider, noting that she's a "hands-on" IT manager and likes the comfort of knowing what her network is up to. As well, she questions whether using a service bureau is as cost-effective as her current set-up.
As for the original implementation, Chesbrough describes it as "a two-hour breeze," and the patch update took 15 minutes. The vendor, she says, is "committed to giving very good quality in terms of service. I've never had a problem."
One area where she would like to see more functionality is in continuity and recovery. "One piece we have discussed with them is being able to do more in terms of restoring file servers to a state of operation if for some reason the system goes down."
INSTITUTION: Eagle Bank, headquartered in Everett, Mass.
ASSETS: $390 million
BUSINESS CHALLENGE: Streamline security patch management and network monitoring to meet federal requirements.
SOLUTION: SilverBack Technologies, Inc.'s (Billerica, Mass.) network systems monitoring and patch management software.
KEY QUOTE: "SilverBack's latest patch management functionality enables us to proactively identify which Windows servers in our network can be exploited or threatened." - Paula Chesbrough, Senior Vice President, IT Director, Eagle Bank