Large Commercial Bank Develops Deep Insight into Software Security Status
Customer Business Profile
One of the world's largest commercial banks with an extensive range of banking, investing, asset management and other financial products and services.
Software Security Initiatives
With the continually increasing number and sophistication of malicious attacks and schemes to defraud customers, this leading bank sought new ways to protect themselves and their customers. Rather than take a reactive approach to software security, they sought to put in place a revolutionary way of fortifying vast quantities of code and diverse business applications.
This holistic approach meant putting in place technologies and process that would have immediate results, and could also be promulgated throughout an expansive development organization working on diverse products and businesses. The big picture called for the ability to understand measure and manage overall software security with greater insights than previously possible.
Key Challenges
- Meaningful metrics
- Hands off fully automated source code security analysis
- Handle thousands of applications
- Multiple runtime environment support
Why They Chose Fortify
One of the most daunting aspects of solving this business dilemma was to find a way to accurately and productively audit large amounts of code. Traditional methods involved the manual effort of highly skilled resources. This approach simply could never scale to meet the long-term business objective. One of the unique capabilities which Fortify Software brought to this problem was the ability to do just that – enable the Information Security team to analyze, document, and assess the relative security status and business impact of a vast number of applications.
With more than one hundred and fifty categories of software vulnerabilities, the largest secure coding rule sets commercially available and powerful code analyzers, Fortify SCA provides proven, accurate and productive results in this demanding enterprise deployment. This was facilitated with industry leading ease of integration in the enterprise production build environment. This build integration is a prerequisite to obtaining results both quickly and efficiently over time.
Fortify Manager provides the ability to understand, measure and manage the overall software security landscape. A key ingredient is metrics that matter. Fortify Manager not only provides metrics, but metrics that can be translated into relative security risk. The customer's Information Security team can easily compare vulnerability scores across hundreds of projects at a time. This allows the organization to invest resources where the greatest return will be realized.
A better experience
Valuable insights across a large number of applications were available shortly after beginning to utilize Fortify Software solutions. Fortify, as a true partner committed to customer success, expanded an already industry leading range of runtime platform support to meet customer needs.
The customer is now able to manage the relative security of a huge number of applications with contributions from globally distributed development teams. This was simply not possible prior to the availability of Fortify SCA and Fortify Manager. As a result, millions of customers around the world are benefiting from the increased security of the applications that run the business for one of the world's largest banks.
Fortify Benefits
- Attack surface area and vulnerability score reports
- Centralized software security management of multiple projects
- Ability to audit a vast number of projects
- Ease of integration with the enterprise production build environment
- Significantly increased visibility into software security status