ABLV Bank Strengthens Information Security and Regulatory Compliance

ABLV Bank uses a cloud-based vulnerability and configuration management solution to secure IT systems and client data against cyber threats, and maintain compliance with ever-evolving regulatory standards.

www.ablv.com/en

INDUSTRY: Financial Services

BUSINESS: Headquartered in Riga, Latvia, ABLV Bank offers private banking, investment and financial planning services.

SCOPE: Regional

SIZE: 850+ employees

BUSINESS CHALLENGE: To protect critical systems and customer data, and comply with regulations, ABLV Bank must precisely target and mitigate the impact of known vulnerabilities and potential threats to its IT infrastructure.

SOLUTION:

  • Qualys Vulnerability Management
  • Qualys PCI Compliance
  • Qualys Policy Compliance

Founded in 1993, ABLV Bank has grown to become the largest private bank in Latvia. Today, it manages approximately €2.81 billion in deposits, and total assets of €3.72 billion for its clients, who count on ABLV Bank for shrewd financial management and strong risk control.


Building a Strong Line of Defence

Keeping client investments and information safe requires constant effort and vigilance. With both security threats and regulatory pressures evolving all the time, ABLV Bank must work hard to make sure its operations remain protected and compliant.

Aleksejs Kudrjasovs, Head of Information Security at ABLV Bank, explains: "Banks have always been a target for cybercriminals, so having a strong security ecosystem is top priority for us. Our clients are putting their finances in our hands, and we can’t afford for their sensitive information or savings to be compromised."

At the same time, as a financial services provider, ABLV Bank faces intense scrutiny from both local and EU regulators. One example is the upcoming General Data Protection Regulation (GDPR), which gives EU citizens the right to access, correct, transfer or delete personal information held by any organisation at any time. Non-compliance comes with harsh penalties of up to €20 million or four percent of the total annual revenue from the prior financial year, whichever is higher.

"GDPR will bring a huge shift in the way personal data is managed, and having a solid information security strategy in place is key to helping us meet the new requirements," continues Aleksejs Kudrjasovs. "A big part of this strategy is maintaining a clear picture of our entire IT infrastructure—understanding what systems we have, what their update and patching status is, where vulnerabilities might exist—and resolving any issues in a timely manner. To achieve this level of visibility and protection, we need the right IT security tools."

Why ABLV Bank chose Qualys:

  • Provides comprehensive overview of entire network and its security status.
  • Helps keep critical systems and sensitive client data protected at all times.
  • Supports compliance with regulations including GDPR and PCI DSS.
  • Reduces workload for IT security team with automated vulnerability and configuration scanning.

Banking on Qualys Cloud Solutions

For close to ten years, ABLV Bank has counted on the Enterprise TruRisk Platform to help protect mission-critical IT systems from ever-evolving security threats.

Aleksejs Kudrjasovs comments: "When it came to selecting a security management solution, Qualys was our choice. Qualys has a proven reputation as a leader in the IT security space, and we knew that their solutions could deliver the enterprise-grade protection that our operations demanded."

Today, Qualys Vulnerability Management (VM) provides ABLV Bank with comprehensive monitoring of all its IT assets. The bank’s IT security team uses Qualys VM to scan hundreds of Windows and Linux servers, both virtual and physical, along with its virtual desktop infrastructure.

"We have established a very controlled approach to vulnerability management, supported by Qualys VM" says Aleksejs Kudrjasovs. "We run regular scans of all our systems, as well as ad hoc scans following important security events, such as major ransomware attacks."

"Along with defined processes and timelines for patching different parts of our infrastructure and unique visibility of the whole infrastructure provided by Qualys VM gives us edge and proactive approach in vulnerability management."

In addition, ABLV Bank uses Qualys Policy Compliance (PC) to assess the security configurations of its IT systems, and ensure they remain compliant with internal policies and external regulations.

"Qualys PC simplifies the process of checking configuration settings on our servers, data bases and workstations, helping us make sure that all systems are properly configured," notes Aleksejs Kudrjasovs. "We can resolve any issues quickly, and ensure we are following best practices—helping us meet security requirements."

The bank is also using Qualys PCI Compliance (PCI) to meet Payment Card Industry Data Security Standard (PCI DSS) requirements for protecting cardholder data.

Aleksejs Kudrjasovs explains: "To comply with PCI DSS requirements we must show that there are no critical vulnerabilities in our core payment services. Qualys PCI helps us do that by monitoring payment services around the clock, enabling us to identify and eliminate security issues as soon as they arise."

“The Qualys solutions bring clear visibility to the vulnerabilities of our infrastructure. The more informed we are about potential threats, the more we can do to protect our most critical assets.”
Aleksejs Kudrjasovs

Head of IT Security, ABLV Bank

Reaping the Rewards

With comprehensive, highly automated scans, Qualys solutions help ABLV Bank to prove compliance to both internal stakeholders and external regulators, while saving time and effort for its IT security team.

Aleksejs Kudrjasovs states: "With Qualys VM and PC, we have complete assurance that vulnerability and configuration management are being taken care of. This makes life easier for me and my team, and provides greater reassurance for our executives and auditors. In fact, when regulators are on site to perform an audit, we find that vulnerability management is the easiest part of the exercise. It’s always good to be able to show auditors that you are following best practices."

By placing the Enterprise TruRisk Platform at the heart of its security strategy, ABLV Bank can effectively monitor and manage any vulnerabilities that place its infrastructure at risk.

"Qualys forms an integral part of our security strategy," confirms Aleksejs Kudrjasovs. "The Qualys solutions bring clear visibility to the vulnerabilities of our infrastructure. The more informed we are about potential threats, the more we can do to protect our most critical assets."

He concludes: "I would absolutely recommend Qualys to any company looking to gain better insight and control of their security and compliance posture. Thanks to Qualys software, we can work more effectively to safeguard important systems and client data, which helps ABLV Bank maintain its reputation as a trusted institution that stands by its clients at every step in their banking journey."