As Sabadell United Bank grew, the number of endpoints under management tripled. To keep pace, IT staff needed to simplify endpoint patching processes and reduce the time to deploy patches.
Working with Champion Solutions Group, the bank streamlined discovery, reporting and patching of endpoints with IBM® BigFix® and gained near-real-time visibility from a single console.
Reducedtime to execute and deploy patches by 6X
Decreasedtime to deploy patches for zero-day vulnerabilities from weeks to one day
Business challenge story
Confirming endpoints are properly managed and patched
Sabadell United Bank has undergone enormous growth in the past decade, and as business volume has grown, so have the demands on IT staff. Through bank acquisitions and organic growth, IT staff saw the number of endpoints under management triple, and they found that the company’s existing patching tools and processes couldn’t keep up.
“We really outgrew our previous patching environment,” says Carlos Fernandez, CIO, Sabadell United Bank. “We were using several tools, including WSUS [Windows Server Update Services] and SCCM [Microsoft System Center Configuration Manager], as well as manual processes for third-party software. We found we had to jump through a lot of hurdles to get something patched and the information we were getting from the different tools wasn’t always reliable. As cybersecurity risks have increased, it’s increasingly important that we confirm all our endpoints are properly managed and patched.”
Compliance was also a key focus. “The new FFIEC [Federal Financial Institutions Examination Council] cybersecurity framework is becoming much more prescriptive regarding information security,” says Fernandez. “Regulators today have very high expectations. As a result, we have set demanding standards for ourselves in terms of patching, reporting and escalating issues regarding endpoint management.”
Simplifying endpoint management significantly
Working with IBM Business Partner Champion Solutions Group, the company replaced its three separate patching tools, along with manual patching processes, with IBM® BigFix®. The solution streamlines the discovery, reporting and patching of endpoints, automating previously manual processes and providing a single console that gives IT staff near-real-time visibility to understand the landscape and helps them reduce patching times.
“BigFix has really changed the paradigm of how patching is managed and has helped us simplify the process significantly,” says Arnau Llopart COO, Sabadell United Bank.
Champion Solutions Group has worked with the Sabadell United Bank IT team for many years, supporting a number of the organization’s IT initiatives. When it came to reassessing the company’s patch management processes, Champion Solutions Group suggested a Proof-of-Concept (POC) that enabled the bank to explore its options firsthand.
“The POC enabled us to compare the pros and cons before we made a full commitment,” explains Fernandez. “In this particular case, it was quickly apparent that BigFix would meet our needs. This was a new environment for us, and the Champion team was crucial in helping us install, configure and implement best practices. They’ve also helped us optimize the solution over time as our needs and patching procedures changed.”
Reducing time to execute and deploy patches by 6X
By centralizing and automating patch management processes, IBM BigFix has helped the Sabadell United Bank IT team manage its endpoints more efficiently, and deploy patches faster and with greater reliability.
For example, BigFix tracks patch releases from operating system, anti-malware and common third-party application vendors and makes them available to the bank, helping to eliminate the need for time-consuming patch research processes. It also continuously monitors and reports endpoint state, so Sabadell IT staff can more quickly confirm the successful installation of patches and endpoint compliance, and rapidly identify which endpoints require remediation when vendors release highly critical, out-of-band patches.
“Managing and execution of patches were the two biggest challenges we faced,” says Mat Byelykh, assistant vice president, IT Platforms, Sabadell United Bank. “With BigFix’s unique multi-platform support and continuous monitoring and enforcement capabilities, we’ve achieved a 6X reduction in the time to execute and deploy patches across our 27 locations, with a high first pass patch success rate. We’ve also seen a reduction in the remediation needed due to a higher success rate for first-pass compliance.”
Additionally, the company can more quickly deploy vendor patches for zero-day vulnerabilities, reducing a process that previously took weeks to one day.
“Last year was a record-setting year for the number of zero-day notifications that were released and it doesn't seem to be slowing down,” says Fernandez. “BigFix allows us to manage zero-days a lot more effectively. Once we're notified of a vulnerability, we can fix it the same day. This is something we just could not have done before.”
He adds, “Both our regulators and our Board are very happy with the results that we've achieved. This is a product that I think will make a difference with other financial institutions, and help them address patching requirements.”
Sabadell United Bank
Headquartered in Miami, Sabadell United Bank is a locally managed, nationally chartered banking institution serving more than 40,000 clients across 27 locations in Florida. Since 2007, the bank has grown its presence in Florida over twelvefold in terms of business volume.