Major Global Bank
Bringing Vulnerability Scanning into Penetration Testing
Industry
Challenge
For several years, a group of mainframe systems programmers had been performing automated mainframe vulnerability assessments at a large multi-national bank. But following a comprehensive PCI audit, the Operations Director of the mainframe team came to the realization that his group could no longer be held responsible for the results from the vulnerability scanning of the mainframe. As a result, the director requested that the corporate penetration testing team take over that responsibility moving forward.
But how would the organization be able to make that happen? Not only did everyone on the penetration testing team only know network and PC penetration testing methodologies, no one understood the issues with building mainframe vulnerability risk rankings and why analytics–driven reporting was necessary to analyze and score the vulnerabilities found on the mainframe. The main challenge here centered around educating the penetration testers on mainframe language and scheduling processes to ensure they were equipped to handle the change.
We never even thought we could have vulnerabilities on the mainframe, but once we began automated scanning, we found the volume and the severity to be much greater than anticipated.”
Want to learn more?
Contact Sales
Visit contact us