Enabling the Secure Network Integration of LTSB and HBOS

An Interview with Glyn Finan, Security Solution Architect

of Lloyds Banking Group

04/08/2023 1

2

Introductions

Mr. Glyn Finan Lloyds Banking Group 2009 merger of Lloyds TSB

and HBOS Largest retail bank in UK 140,000 staff 30 countries 3000 branches

3

The 2009 Merger

Merge two massive network infrastructures Keep the environment secure from attack Maintain business as usual Enable €2.3B savings!

Mission Impossible?

5

The Network Audit Project

Time sensitive 6 months

Converge safely

Enable integration to save€2.3B

Examine the heritage networks Determine current risk profile Determine merger effect on risk Model the converged network

6

Project Methodology

Network Perimeter Discovery Vulnerability Assessment

Rogue Device Detection Risk Exposure Analysis

7

For Network Audit Project

8

Risk Exposure Analysis

●●●

●

●●

●

●

●

●

●

● ●●●

●

●

●

●

●

● ●●●

●

●

●●

●

9

Common Concerns

Perimeter-focused security Limited internal zoning based on

system/ data classification Need to develop network security 3-

5 year architecture blueprint Need to be able to visualise the

entire network Build knowledge of network

topology, services, security controls, potential risks

10

Defining a New Model

11

Results: Visibility

Assessed 250,000 endpoint devices

Extracted configurations of 450 firewalls and 9,000 routers

Network perimeter map of LTSB and HBOS networks

Detailed all ingress/ egress points

12

Results: Security and Control

Identified and removed unauthorised devices

Critical vulnerabilities addressed Identified a more efficient

approach to remediation Missing patches Excessive services Missing services

13

Lessons Learned

Value of proactive technologies Repository for threat, vulnerability

and remediation information Accurate view of CMDB Aggregate view of vulnerabilities

and risk profile Quantifiable information to

prioritise resources

14

Enable New Services

Removed boundaries (de-perimeterisation)

Supports ‘consumerisation’ B2B connectivity “Defence in Depth” strategy Future-proofing the Network

15

… and on time

16

Thank you!