Tag: V-Scan

27 Jul 2022
Learn How to Eliminate Compliance Pain Points with COMPaaS

Keeping compliance processes and information security up to date is crucial, especially with the ever-increasing risks and regulatory requirements that are facing financial institutions. Our compliance-as-a-service solution, COMPaaS, solves this problem. It offers community banks and credit unions an easy way to customize information technology and compliance services to match their institution’s needs.

What is COMPaaS?

COMPaaS is a collection of connected compliance applications combined with critical monitoring and reporting tools that institutions can customize to address their specific pain points. Regardless of type or size, any financial institution can use COMPaaS to build a unique package of services that are based on their specific compliance resources, expertise, and budget.

The full suite of services meets regulatory requirements in a range of areas from vendor and network management to cloud security, information technology, and business continuity management:

  • BCP Blueprint: An application that automates the building and maintenance of a business continuity plan.
  • CloudInsight M365 Security Basics: A reporting tool that provides visibility into security settings for Azure Active Directory and M365 tenants.
  • Cybersecurity RADAR: A user-friendly application to assess cybersecurity risk and maturity.
  • Information Security Program: A proven regulatory framework with applications that allow you to build a customized, interactive, and compliant infosec program.
  • Lookout: An event log monitoring solution that efficiently combs through daily logs and sends notifications for activities that need review.
  • NetInsight: A reporting tool that runs independently of existing network tools to provide third-party “insight” into IT controls.
  • Vendor Management: An application that tracks vendor risks, automates contract renewal reminders, and generates reports.
  • V-Scan: A security solution that scans a network, identifies vulnerabilities, and generates a comprehensive report.

How Does It Work?

The COMPaaS applications and services were built with our experts’ core knowledge and industry best practices to help your institution build a strong compliance foundation. Whether you choose one of the automated applications or a service that provides a dedicated compliance resource, COMPaaS can help you better manage your policies and procedures, implement effective controls, and fill in reporting gaps to meet examiner expectations. It is the ideal solution because it lets you select the exact products and services you need now and add more later as your requirements change. For example, if you are a smaller bank, you might begin with a vendor management application and then build from there to cover your cybersecurity risk and information security concerns.

Key Benefits

COMPaaS allows financial institutions to leverage the benefits of automation to streamline time-consuming processes related to regulatory requirements. It converts labor-intensive processes that often exist on paper into apps to create living documents that are more efficient and less likely to become outdated.

COMPaaS also uses technology to enforce verifiable controls and provide consumable reports so that institutions can implement the appropriate actions to maintain information security. This can make it easier to prove to a third party that critical issues are being addressed. In addition, all of COMPaaS was designed with the regulatory needs of community banking institutions in mind. For example, the technology and security products cover the standards set by the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool (CAT) or the National Credit Union Administration’s Automated Cybersecurity Examination Tool (ACET).

The COMPaaS Advantage

With COMPaaS, institutions have an effective way to target and eliminate their specific compliance and information technology weaknesses. They can save time by automating compliance tasks and save money by selecting only the options where they need help. Institutions can also expand COMPaaS’ services to support internal IT staff who may not be well-versed in a particular area or who may be wearing multiple hats and juggling too many tasks. Or they can use COMPaaS to fill a void when an IT staff member takes a vacation, goes on leave, gets promoted, or retires. Whatever the situation, institutions can maintain continuity by having access to the same tools, reporting features, and experts through COMPaaS. And our solutions will grow with the institution, so it can implement various services at separate times based on its budget and needs.

06 Jun 2018
How 4 Security Truths Can Improve Your Security Program

Security has become increasingly complex. In addition to the ordinary computer, today’s world is full of tiny computers or smart devices that have complete, functional operating systems and are connected to the internet. These Internet of Things (IoT) devices include our phones, refrigerators, thermostats, TVs, light bulbs, and even cars. While this level of connectivity provides the benefit of greater convenience in our daily lives, it has also increased the number of ways we can be compromised by attackers.

“The denial-of-service attacks that forced popular websites like Reddit and Twitter off the internet last October were enabled by vulnerabilities in devices like webcams and digital video recorders. In August, two security researchers demonstrated a ransomware attack on a smart thermostat,” said Bruce Schneier.

As institutions continue to connect more devices to the internet, the number of potential security weaknesses on their network will increase. So how can banks and credit unions use this knowledge to improve their security programs?

According to Schneier, an internationally renowned security technologist and author, there are four truths related to the current world of computer security:

  1. “Attack is Easier Than Defense”

     According to Schneier, “Computer-security experts like to speak about the attack surface of a system: all the possible points an attacker might target and that must be secured. A complex system means a large attack surface. The defender has to secure the entire attack surface.”

     Attackers work to find ways to use software and solutions in malicious ways that developers never intended. They can find the smallest security flaw or vulnerability in any system and use that to their advantage. This means financial institutions have to plug and patch each and every hole and vulnerability in all systems in order to be secure, whereas an attacker only has to find a single vulnerability in a device to be successful.

  2. “There are New Vulnerabilities in the Interconnections”

     “The more we network things together, the more vulnerabilities on one thing will affect other things,” said Schneier. For example, attackers can penetrate a network through a DVR system, bypassing the more robust level of security of a computer. The hard truth is that the more devices you connect to your environment, the more attack surface you have due to the growing number of vulnerabilities.

  3. “The Internet Empowers Attackers”

     “One of the most powerful properties of the internet is that it allows things to scale. This is true for our ability to access data or control systems or do any of the cool things we use the internet for, but it's also true for attacks,” according to Schneier. The internet is a powerful tool that improves efficiency for everyone, including attackers, which is why they use it to scale an attack. An attacker can connect to a network through any number of different connected devices, some as benign as a thermostat, refrigerator or light bulb. Attackers often function as a part of a community, readily sharing knowledge and experience with each other. It’s no surprise that the source code for the Mirai botnet, which was able to infect IoT devices such as DVRs, home routers, printers and IP cameras, is now available on the internet for anyone to use.

  4. “The Economics Don’t Trickle Down”

     “Our computers and smartphones are as secure as they are because companies like Microsoft, Apple, and Google spend a lot of time testing their code before it's released, and quickly patch vulnerabilities when they're discovered,” said Schneier. By contrast, vendors of DVRs, IP cameras, printers, and consumer devices do not allocate enough resources and money to effectively secure their devices. Additionally, these devices typically have less expensive and less secure components, as well as low-end operating systems with no focus on security or patching, all of which make it easier for attackers to use them to penetrate a network. Financial institutions must keep this in mind when adding new devices to their environments and should implement additional security layers to guard against attacks.

Improving Your Security Program

The first step to having a truly secure network is to be aware of all devices that are connected to your network. A solid asset management program enables financial institutions to know what systems they have in place, what devices they have, where they are located, and what is connected. When connecting a new device to the network, make sure passwords are secure, the device is operating with up-to-date software, and it is protected by the security layers in place.

In addition, financial institutions should have controls in place to continually scan for vulnerabilities. Firewalls and anti-malware software alone are no longer enough to protect against cybercrime. Additional security layers enable financial institutions to identify when an intruder is present, identify curious internal employees, identify rogue internal employees, and uncover suspicious activity before any damage is done. Combined with Safe Systems’ V-Scan, a powerful network scanning tool that scans the entire network for vulnerabilities and produces an exhaustive list of all vulnerabilities that exist on each device, these layers give financial institutions greater visibility into their networks and the confidence that their organization is truly secure.

17 Jan 2018
Network Vulnerability: Why Scanning Your Institution’s Servers Is Not Enough

As community financial institutions continue to innovate and add to their IT infrastructure, they are unknowingly adding security threats, issues and vulnerabilities that might not be addressed by the standard security measures that are in place. Recent high-profile security breaches have shown that it can take more than 100 days for an organization to detect suspicious activity on the network. To quickly identify internal threats, network security solutions must now scan and monitor more than just servers. It is vital for community banks and credit unions to scan the entire network to provide greater visibility and monitor potential threats on all workstations and devices connected to the network. Reasons for this necessity include:

  1. Increased Vulnerabilities

     Financial institutions now have more devices and software connected to their network than ever before, driving the number of vulnerabilities upward. A single vulnerability can result in an attack on the entire network, which leads to stolen bank and customer data, a devastating effect on the organization’s revenue and reputation, and the significant costs associated with repairing the damage.

  2. More Cyberattacks in the Financial Services Industry

     Cybercrime and threats are at an all-time high, especially in the financial services industry. According to a study by Raytheon and Websense, financial services organizations see three times as many attacks as organizations in other industries. This is because financial institutions house significant amounts of valuable financial data such as credit and debit card information, corporate bank account numbers and other personal identification documents. Cybercrime will continue to plague financial institutions, so it is important to be proactive and implement solid security defenses to secure the institution and its data.

  3. Strict Regulatory Expectations Around Security

     Due to the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (CAT) to help institutions identify their risks and determine their cybersecurity preparedness. The CAT helps financial institutions weigh specific risks such as vulnerabilities in IT security measures versus controls or solutions aimed to prevent, detect and respond to these threats and determine areas for improvement. To remain in compliance with the FFIEC guidance, community banks and credit unions must scan their networks on a weekly basis to prevent cyber threats and demonstrate that they have the appropriate threat and vulnerability detection solutions in place.

Greater Network Visibility

To establish a secure IT network and be better protected in the current environment, financial institutions should employ a strategy that places many uniquely tailored layers throughout their networks, from the end-user to the internet, as well as a network security solution that scans the entire network, including all devices and workstations. It is important to implement a solution that identifies unknown vulnerabilities and reduces the risk of cyber-attacks. By scanning more than just servers, financial institutions have the ability to prioritize and address the vulnerabilities identified.

In an effort to help financial institutions better address network vulnerabilities, Safe Systems developed the V-Scan vulnerability scanning solution. V-Scan is a powerful network scanning tool that scans the entire network, both Windows and non-Windows-based devices and operating systems, and produces an exhaustive list of all threats that exist on each device. Safe Systems takes all the data collected and breaks it into different segments, creating a tailored report. With Safe Systems’ V-Scan solution in place, financial institutions will have greater visibility into their networks, providing confidence that the organization is truly secure.
