enabling the secure network integration of ltsb and hbos
DESCRIPTION
An interview with Glyn Finan, security solution architect of Lloyds Banking GroupTRANSCRIPT
Enabling the Secure Network Integration of LTSB and HBOS
An Interview with Glyn Finan, Security Solution Architect
of Lloyds Banking Group
04/08/2023 1
2
Introductions
Mr. Glyn Finan Lloyds Banking Group 2009 merger of Lloyds TSB
and HBOS Largest retail bank in UK 140,000 staff 30 countries 3000 branches
3
The 2009 Merger
Merge two massive network infrastructures Keep the environment secure from attack Maintain business as usual Enable €2.3B savings!
Mission Impossible?
5
The Network Audit Project
Time sensitive 6 months
Converge safely
Enable integration to save€2.3B
Examine the heritage networks Determine current risk profile Determine merger effect on risk Model the converged network
6
Project Methodology
Network Perimeter Discovery Vulnerability Assessment
Rogue Device Detection Risk Exposure Analysis
7
For Network Audit Project
8
Risk Exposure Analysis
●●●
●
●●
●
●
●
●
●
● ●●●
●
●
●
●
●
● ●●●
●
●
●●
●
9
Common Concerns
Perimeter-focused security Limited internal zoning based on
system/ data classification Need to develop network security 3-
5 year architecture blueprint Need to be able to visualise the
entire network Build knowledge of network
topology, services, security controls, potential risks
10
Defining a New Model
11
Results: Visibility
Assessed 250,000 endpoint devices
Extracted configurations of 450 firewalls and 9,000 routers
Network perimeter map of LTSB and HBOS networks
Detailed all ingress/ egress points
12
Results: Security and Control
Identified and removed unauthorised devices
Critical vulnerabilities addressed Identified a more efficient
approach to remediation Missing patches Excessive services Missing services
13
Lessons Learned
Value of proactive technologies Repository for threat, vulnerability
and remediation information Accurate view of CMDB Aggregate view of vulnerabilities
and risk profile Quantifiable information to
prioritise resources
14
Enable New Services
Removed boundaries (de-perimeterisation)
Supports ‘consumerisation’ B2B connectivity “Defence in Depth” strategy Future-proofing the Network
15
… and on time
16
Thank you!