Industry

Financial & Banking

Challenge

For several years, a group of mainframe systems programmers had been performing automated mainframe vulnerability assessments at a large multi-national bank. But following a comprehensive PCI audit, the Operations Director of the mainframe team came to the realization that his group could no longer be held responsible for the results from the vulnerability scanning of the mainframe. As a result, the director requested that the corporate penetration testing team take over that responsibility moving forward.

But how would the organization be able to make that happen? Not only did everyone on the penetration testing team only know network and PC penetration testing methodologies, no one understood the issues with building mainframe vulnerability risk rankings and why analytics–driven reporting was necessary to analyze and score the vulnerabilities found on the mainframe. The main challenge here centered around educating the penetration testers on mainframe language and scheduling processes to ensure they were equipped to handle the change.

We never even thought we could have vulnerabilities on the mainframe, but once we began automated scanning, we found the volume and the severity to be much greater than anticipated.”
Chief Information Security Officer

Want to learn more?

Case Studies

Bringing Vulnerability Scanning into Penetration Testing
Download the full case study

Contact Sales

Visit contact us

Modernization. Without Disruption.™

Get started