Procure IT Helps Cogent Bank Strengthen Security Risk Posture

Procure IT Helps Cogent Bank Strengthen Security Risk Posture

The executive and IT leadership teams at Cogent Bank put a high priority on cybersecurity, so they brought in third-party experts at Procure IT to evaluate their cybersecurity systems and recommend additional solutions to lower their security risk.

Client Profile

Cogent Bank is a state-chartered, full-service bank with more than $1.5 billion in assets under management. The bank offers business and personal banking services, including lending, depository, property and treasury management. The bank's team of more than 190 financial professionals include experts in specialized lending for small business, agriculture, nonprofit, healthcare, cannabis, government and more.

Challenge

CTO Daniel Dean joined Cogent Bank in 2019 to help the institution shore up its IT infrastructure. Dean and his team deployed enterprise-grade networking and IT infrastructure emphasizing cybersecurity. For example, they implemented a state-of-the-art threat detection and response (XDR/EDR) platform and mandated security awareness training (SAT) for all employees. With these baseline security requirements covered, Dean turned his attention to additional measures that could improve the bank's security risk profile.

Engagement

Dean contacted the Procure IT cybersecurity team for guidance. Procure IT’s Managing Partner and head of cybersecurity Dylan Bouterse was ready and able to assist. Procure IT's consultative technology procurement model aligned well with Cogent Bank's need to evaluate existing cybersecurity and identify opportunities to close risk gaps.  

"Procure IT is a partner to our clients throughout their technology journey – whether that's addressing challenges, assisting with ongoing assessments, or helping them keep up with the latest technology advances and vendors," said Bouterse. "In the case of Cogent Bank, we were brought in not to fix something broken but to help them assess and improve."

Aggregate

Procure IT began the process by collecting data on current and ongoing IT security spend, performance, benchmarks and risk data, so its consultants could better understand Cogent’s IT existing environment.

Analyze

Procure IT’s consultants followed a methodical process, leveraging Interactive Qualitative Analysis (IQA) to identify opportunities for improvement in performance, spend or risk.

Procure IT discovered that Dean and his team had deployed a strong cybersecurity foundation and identified a few initial opportunities to strengthen security further, including:

•tightening email security, which is the No. 1 attack vector

•automating supply chain risk management for 300+ bank vendors

•boosting security management and monitoring to improve detection and response

Optimize

Based on these recommendations, Cogent Bank engaged Procure IT to help them identify solutions to close these gaps and mitigate future security risks.

Procure IT recommended the following solutions to achieve Cogent’s objectives:

•Upgrading their email security vendor, a Gartner Magic quadrant vendor, to a more modern integrated cloud email security (ICES) platform

•Implementing a vendor risk management (VRM) platform to streamline supply chain security audits

•Switching to a new managed security services provider (MSSP) for stricter security operations center (SOC) services

For each solution, Procure IT determined what Cogent wanted to accomplish, what they absolutely need and what's nice to have," said Bouterse. "From that information, we generated a 'scorecard' for potential vendors.

The scorecards serve to take the guesswork out of the equation, pinpointing vendor alignment with Cogent’s requirements and their overall value as a technology partner.

Source

On behalf of Cogent Bank, the Procure IT team engaged a short list of vendors, securing nondisclosure agreements and  coordinating initial discovery calls to complete the scorecards, saving the Cogent team valuable time.

"We interviewed the short-listed vendors to fill out their scorecards in advance, and we prepped them for Cogent Banks' requirements so Dean and his team didn't have to answer the same questions over and over,” said Bouterse.

Procure IT then coordinated discovery and demonstration calls between best-fit suppliers and Cogent.

When all vendor meetings and evaluations were completed, Dean’s team hadthe data they needed to make an informed decision and more  qualified suppliers to consider — all in a fraction of the time it would have taken if they managed the process in-house.

“Supplier engagement is  one area where Procure IT adds significant value,” said Dean. “On our own, we would not have identified as many supplier options, including the some of the ones we ultimately selected.

Procure IT's process shortens the request for quote (RFQ) process and offloads about five hours the bank would otherwise spend evaluating each vendor. With an average of a dozen vendors for each solution, that's, on average, 60 hours saved on each project.

"In addition to time saved, Procure IT's process prevents paralysis by analysis and helps clients arrive at an optimal solution much more quickly," said Bouterse.

Manage

The Procure IT team helped Cogent transition its security environment by managing solutions implementations and initial evaluations of their results. The team continues to monitor performance as well as spend and risk to identify potential issues or opportunities for fine-tuning and improvements. In addition, they keep tabs on market and technology developments and, if needed, make recommendations for processes or solutions that can further optimize performance, spend or risk metrics.

Results

Cogent Bank reported benefits from the new cybersecurity solutions immediately.

•Email security – Cogent Bank had implemented a basic solution for filtering, scanning and archiving. On Procure IT's recommendation, Cogent Bank conducted a proof of value (PoV) with one of the newer ICES vendors. "It took less than 10 minutes to implement and it started catching all kinds of threats our existing provider was missing," said Dean, noting that in one quarter, the new platform identified 12,000 phishing emails that the old system missed.

•Vendor Risk Management – As a financial institution, Cogent Bank must review its vendors' risk rating based on their security posture, policies, procedures, breaches, financial, customer complaints, cyber insurance, etc. "Tracking that info on a spreadsheet was not viable with over 500 vendors – from cleaners to tech vendors and everything in between," said Dean. "Now it's all done digitally with the VRM platform, and there's less follow-up required on our side."

•Managed Security Services – "Our MSSP was having issues even getting the logs from our servers, and their vulnerability scanning was throwing false positives and not showing positives," said Dean. "The new MSSP caught vulnerabilities in the last 40-50 desktops we imaged, so they proved their value right away."

"It took less than 10 minutes to implement and it started catching all kinds of threats our existing provider was missing," said Dean, noting that in one quarter, the new platform identified 12,000 phishing emails that the old system missed.

"The new MSSP caught vulnerabilities in the last 40-50 desktops we imaged, so they proved their value right away."

In addition, Dean said that working with Procure IT has provided Cogent Bank and its IT team with additional benefits.

"If we hadn't used Procure IT for these projects, we wouldn't have discovered some of the vendors that we evaluated and ended up selecting," said Dean. "The Procure IT team brings the knowledge of working with all these vendors. They know their weaknesses and strengths."

Procure IT's expertise and vendor vetting process also saved Cogent Bank time and money. "Procure IT did all the initial calls with MSSPs, so they came into our first meeting prepared.

The team’s deep bench found the best one and secured us a better deal than we could have gotten on our own. I can't imagine going through the process without Procure IT."

As a result of these initial successes, Cogent has engaged Procure IT to assist with two additional IT projects as well as future budget planning and initiatives.

‍