Qualys - Security On Demand
CASE STUDY: First Bank & Trust

First Bank & Trust

Service: Retail and Commercial Banking
Scope: New Orleans metropolitan area
Employees: 200 employees, nine branches
Web site: www.fbtonline.com

The Story

Business Problem

Cost-efficiently strengthen the security of bank networks, computers and applications.

Operational Hurdle

Better manage vulnerability assessment and remediation processes.

Solution

QualysGuard Express enables cost-efficient, on demand vulnerability management.

Qualys Helps Metropolitan Bank Document Compliance and Manage Business Risk

Strengthening the Bank's data security program was the first priority in Daniel Hereford's new job as Data Security Officer at First Bank & Trust. The private community bank in New Orleans is growing rapidly, so ensuring the security of growing networks is critical for protection and privacy of customer data.

The bank was looking to strengthen and widen its protections and security precautions, says Hereford. "That's why we looked for a third-party solution to help find and fix vulnerabilities." Hereford evaluated four products and chose QualysGuard from Qualys, Inc.

"Not only do we use QualysGuard to perform all of our vulnerability assessments, it also helps us demonstrate compliance with financial regulations and manage overall business risk."

Daniel Hereford
Data Security Officer First Bank & Trust

Hereford says the Bank had previously used an open source tool, but found it was limited in capabilities and provided no vulnerability management process. "QualysGuard has given us an automated formal process that is sophisticated, detailed, accurate and recurring." First Bank and Trust is in the early stages of its QualysGuard deployment but expects this level of service to continue.

"Now we have direct control over assessment and remediation -- and a truer picture of security for the Bank's management," Hereford says. He uses reports from QualysGuard to identify and manage risk and what it takes to mitigate those risks. Reports are also used to help demonstrate compliance with the Gramm-Leach-Bliley Act for F.D.I.C. auditors. "The credibility of third-party security audit documentation is an important part of compliance," he says.

Hereford says the on demand QualysGuard service requires no extra infrastructure or Bank overhead to run and provided a quick return on investment. "We have to watch our budget. Qualys was the most effective product that offered us the broadest benefits for the cost," says Hereford.

Why the Bank Chose Qualys

  • Effective, cost-efficient solution
  • 3rd party documentation of vulnerabilities
  • Easy to use Web-based solution required no infrastructure to deploy or manage