Venusense Vulnerability Scanning and Management System Protects Cloud Security for Evergrowing Bank
On the strength of its years' technology accumulation and innovation in vulnerability scanning, Venustech recently won the bid for Evergrowing Bank's (also known as HengFeng Bank) financial cloud security vulnerability scanning tool project successfully. Venusense Vulnerability Scanning and Management System is fully geared toward the dynamic deployment of the cloud platform. Through unified management conducted by the bank's headquarters, it can complete cloud vulnerability scanning and configuration verification, thereby strengthen the overall security of Evergrowing Bank's financial cloud.
About Evergrowing Bank
Evergrowing Bank Co., Ltd. is one of China's 12 national joint-stock commercial banks. Its predecessor was Yantai Housing Savings Bank, which was set up in 1987. In 2003, with approval from the People's Bank of China, it was renamed Evergrowing Bank Co., Ltd., becoming a national joint-stock commercial bank. In the Asian Banks' Competitive Rankings issued by the Chinese University of Hong Kong, Evergrowing Bank was ranked the 5th among all banks in Asia.
In order to build a financial cloud platform and big data platform, Evergrowing Bank migrated most of its core applications to the cloud environment. After the cloud platform was established, some functions that required hardware can now be implemented with software, which has promoted the standardization and universalization of infrastructure, and reduced hardware purchasing and maintenance costs. Nonetheless, how to assess the security of the cloud computing platform and cloud applications has become a new problem.
Traditional security assessment tools are not competent to cloud environment security protection
In the past, Evergrowing Bank's all applications ran on the traditional hardware-based infrastructure. The security of applications and basic hardware platform could be assessed and checked using conventional security assessment tools. Yet when the applications were migrated to the cloud platform, the assessment tools no longer fit the bill: Conventional security assessment tools require specific hardware that is deployed separately, and entail high cost of use. Moreover, they cannot be used for security assessment in cloud environment.
Supporting both hardware and cloud deployment
Venusense Vulnerability Scanning and Management System can be deployed in both the hardware and cloud environments. For example, it can be deployed in cloud environments based on the KVM, XEN, Docker and Esxi platforms. Furthermore, it can be deeply integrated in cloud. By dynamically invoking computing, storage, and network resources in the cloud which prevents resources from going idle, the system does not need any separate hardware deployment, so the cost of use is slashed.
Completing both vulnerability assessment and configuration verification
Evergrowing Bank's cloud platform is based on Openstack architecture. Over the past six years, OpenStack disclosed a total of 129 vulnerabilities. In last year alone, 21 vulnerabilities were disclosed, including three high-risk ones. Therefore, there is an extremely urgent need to assess security risks in the cloud platform. With both vulnerability assessment and configuration verification functions, Venusense Vulnerability Scanning and Management System can assess the security of the user's system in multiple dimensions. Apart from the OS, network equipment, software and Web, it can perform comprehensive vulnerability assessment and configuration verification for the cloud platform and virtual environments under the platform such as VMvare, KVM and XEN, thereby performing a top-down overall check for the entire architecture of the cloud platform.
Hierarchical deployment in the cloud for unified management
Evergrowing Bank has 14 tier-one branches and two branches directly under the headquarters in China, with 279 affiliates in total. It was difficult to conduct unified management from the headquarters to the branches. Policy issuance and security risk check would entail high labor cost. Furthermore, due to regional differences in technology capability and limited regulation, local branches often could not meet requirements for vulnerability management.
Through multilevel deployment, Venusense Vulnerability Scanning and Management System achieved distributed unified management to completely security check from the headquarters to the branches. This way, the bank has overcome cross-regional management difficulties, and policy issuance, vulnerability scanning, report analysis, upgrading and maintenance are done in sync across the country. The whole cloud platform's security status is clear at a glance. While stepping up regulation, the bank has improved its working efficiency.