ING Bank Embraces Continuous Security Validation to Boost Cyber Resilience

ING Bank, a global banking giant, improved the utilization of its security investments and gained proactive capabilities to tackle targeted attacks.

Industry:Financial Services

Financial Services Industry's role in the world economy and our lives has expanded due to digitalization.

Digitalization expanded the role of the financial services industry (FSI) in the world economy and our lives. FSI companies now offer their savings, payment, investment, loan, mortgage, and other products with omnichannel access and seamless transaction experiences. Providing continuously improved services for customers compels FSI companies to run interconnected and interoperable, not to mention large and complex, information technology infrastructures while remaining compliant with extremely tight regulations and resilient against cyber risks. Cybersecurity has been at the top of the FSI companies’ agenda for some time. Many industry associations in different countries classify cybersecurity as a Tier 1 threat for financial services, alongside terrorism, war, and natural disasters. On a positive note, reports indicate that FSI companies experience fewer incidents successively each year. On a negative one, FSI companies now need to deal with highly sophisticated attacks that are crafted to aim at their organizations specifically.

The Customer

ING has over 39.3 million customers, corporate clients, and financial institutions as well as a solid European base of 57,000 employees.

ING is a global banking giant with a strong European base, 57,000 employees, 39.3 million customers, corporate clients, and financial institutions in over 40 countries. ING states its purpose as “to empower people to stay a step ahead in life and in business.” Recognized as one of Forbes magazine’s most innovative companies, ING encourages an innovation-driven company culture. ING runs Labs in four cities worldwide (Amsterdam, Brussels, London, and Singapore), where it builds and validates new businesses by combining its knowledge and network with others’ knowledge and skills.

ING defines itself as “a technology company with a banking license.” The bank has a large network and a sizeable IT and cyber security team. The digital infrastructure is protected by a large set of cybersecurity technologies. Yet, the team is fully aware that spending more on cybersecurity does not automatically translate into reduced cyber risk.

Mr. Muhammet Emin Başar, IT Platform Security Expert Lead at ING Bank Turkey, says that “putting information technology systems in operation is not an uncomplicated task. The planning, installation, configuration, monitoring, storing, and maintenance of these systems require a significant level of labor, time, and effort. Nevertheless, establishing a process to control if these systems function as planned and deliver the required output may be overlooked. This is even more true and important for cybersecurity projects as teams are always extremely busy while risk factors in the internal and external environments constantly change”.

Mr. Muhammet Emin Başar
IT Security Product Manager ING Bank, Turkey

“Even though we always used pen-test and some other assessment practices, none of them gave us the depth and width we needed to understand our posture against the possible attack scenarios extensively. The Picus platform was a game-changer”.

Case Study-Images-400x248px (1)

Picus Security Validation Platform Helps ING Bank to Strengthen Cybersecurity Infrastructure and Ensure Continuous Protection

ING Bank has a high-caliber cybersecurity team with diverse skills and experiences. The team is diligent that a “false sense of security” is a mindset not allowed to exist in their business line. ING Bank runs a multi-layered cybersecurity infrastructure. Offensive and defensive teams utilize and manage dozens of network security, endpoint security, monitoring, information and event management, advanced detection and response, and other technologies. Mr. Başar elaborates further that security assessments have been a significant area of concern for them before they came across the Picus Security Control Validation Platform. “Cybersecurity technologies are not “deploy and forget” systems. They need to be constantly updated and reconfigured. Any network problem, software bug, hardware failure, misconfiguration, and other pitfalls can hinder the functionality. Security posture may drop at any time, and therefore validating the security performance of the cybersecurity operations and infrastructure is an essential requirement for ING Bank “, adds Mr. Başar.

The Result


Continuous Security Validation Made Possible
“Even though we always used pen-test and some other assessment practices, none of them gave us the depth and width we needed to understand our posture against the possible attack scenarios extensively. The Picus platform was a game-changer for us”, explains Mr. Başar. The ING Bank Turkey's cybersecurity team started using the Picus Security Control Validation Platform as an integral part of their cybersecurity infrastructure soon after getting familiar with its rich feature set. The platforms’ entirely safe modus operandi and easy to deploy architecture made it possible to activate Picus assessment on multiple networks, email, and endpoint segments. Mobilizing more than ten thousand attack scenario samples that the Picus Libray contains across their network, the ING team continually assesses security posture, reveals gaps as they occur, and initiates mitigation proactively.



Picus Improves the Utilization of the Existing Security Investments
Continuous Security Validation is a transformative capability on many fronts. Using the Picus Platform ING Bank Turkey's cybersecurity team continually measures the effectiveness of their security controls and sustains a solid security baseline. In addition to continuous assessments, the ING team can also on-demand basis assess their preparedness for all the tactics, techniques, and procedures a particular advanced threat contains.The technology alliances Picus formed with large technology providers also offered a precious use case. Picus provides detection signatures for the next-generation firewall, network intrusion prevention, and web application firewall technologies ING Bank Turkey uses. This content is presented to show the most impactful ways to boost security posture and help teams better utilize their existing platforms. The Complete Security Control Validation Platform empowers ING Banks’ cyber security team to lower their cyber risk and helps save considerable man-hours in adapting defenses to imminent threats.



The Complete Security Posture Assessment
ING Bank’s cybersecurity team embraces the uses cases Picus’ innovative new features offer. Mr. Başar confirmed that tying the infrastructural detection and prevention status with the visibility and detection potential of the SIEM platform completes the picture as the attack surface expands and gives a good understanding of the security posture

#Financial Services #Case Study

Trusted by Security Teams Across the Globe

Organizations use Picus to get immediate actionable insights on their security posture. They choose Picus to manage, know, and control their dynamic environment.

The GARTNER PEER INSIGHTS Logo is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

Discover Our Latest News and Content