Case Study

Multinational bank reduced security issues by 67% with streamlined infrastructure patching

When the bank's security team struggled to manage patches on IT infrastructure, UST recommended a plan to streamline vulnerability management. The solution helped reduce security issues by 67%, improved patch compliance by 57%, and decreased patching exceptions to <1%.


With origins dating back more than a century, this bank has evolved from a local credit agency to one of Europe's leading lenders. The company has operations in more than 200 countries and generates approximately £500 million annually.


Disorganized security update processes led to gaps in patching coverage

The bank’s in-house security team struggled to manage IT infrastructure security patches. Because the team didn’t have strong governance processes, especially to track exceptions and exempt assets, haphazard security patching processes left some infrastructure vulnerable to security breaches. Meanwhile, when the IT team unexpectedly changed the infrastructure environment without documentation, the security team couldn't identify and prioritize updates easily.


Meticulous assessment and asset inventory informed design of new security patching processes

UST conducted an infrastructure asset inventory and thoroughly analyzed the bank’s security patching processes and infrastructure coverage. Armed with that information, UST compiled a detailed report outlining gaps and provided a mitigation plan to resolve the issues. Our security experts worked with company stakeholders to measure vulnerabilities accurately, define an end-to-end vulnerability management lifecycle process, and implement policies to manage patches and security exceptions. To support the new governance policies, UST also tagged every asset in the bank’s infrastructure estate to ensure the items were included in the new patching program. With new vulnerabilities identified, the internal security team has successfully mitigated the risks by following the new security patching processes.


New security patching governance policy eliminated vulnerabilities by 67%

With the new processes in place, the security team achieved these results: