Success Story

Adopting a Risk-Based Approach to Safeguard a Fast-Growing Bank

Banco PAN Shrinks Attack Surface with Qualys Enterprise TruRisk Platform

Executive Summary

To deliver value-added customer services, Banco PAN is growing rapidly by acquisition, which significantly increased its attack surface. With Qualys, the bank has slashed workstation-related vulnerabilities by 95% and server-related vulnerabilities by 51%, helping it strengthen its security posture as its growth journey continues.

Headquartered in São Paulo, Brazil, Banco PAN is a commercial bank offering a wide range of products, including credit cards, payroll loans, digital banking and more. With over 25 million customers, the bank was founded in 1969 and transacts more than US $8 billion annually.

Customer Environment

3 locations across 3 subsidiaries
Supporting almost 3,000 Windows workstations, 1,000 on-premises servers and 2,000 EC2 instances in an AWS cloud environment

Business Background

Banco PAN is on a mission to provide customers across Brazil with innovative, digitally enabled services that help make life easier. The bank is expanding its service offering and recently acquired Mobiauto, a digital platform for buying and selling used cars, and Mosaico, the company behind leading price comparison sites Zoom and Buscape. While the acquisitions connected Banco PAN to valuable new markets, the bank faced the challenge of protecting a much larger IT infrastructure against cyber threats.

Business Challenges

Remediate thousands of vulnerabilities across workstations, on-premises servers and AWS cloud environments
Reduce mean time to remediate (MTTR) critical and high vulnerabilities to meet internal service-level agreements (SLAs)
Avoid the need to increase headcount by replacing manual processes and tools with automated vulnerability management workflows
Accelerate the deployment of patches across the entire estate, including Linux and Windows environments
Improve the completeness and accuracy of data in ServiceNow to boost the visibility of outstanding remediation tasks

Getting started with Qualys was very straightforward, and the Qualys VMDR patch integration with ServiceNow saves us a massive amount of time. When Qualys detects a vulnerability, the solution automatically opens a ServiceNow ticket, applies the appropriate patch, and closes the ticket.

The Solution

Banco PAN deployed Qualys VMDR with Qualys TruRisk to target and accelerate its remediation efforts. The risk-based vulnerability management solution offers seamless Qualys VMDR Patch integration with ServiceNow and helps the bank prioritize remediation based on the likelihood of exploit, business criticality, and asset exposure.

Today, Banco PAN uses an automated workflow to import vulnerabilities with a high or critical Qualys Detection Score into ServiceNow via the VMDR integration, making them instantly visible to system owners throughout the organization. When Qualys detects a vulnerability, the solution automatically opens a ServiceNow ticket, applies the appropriate patch, and closes the ticket. Using Qualys Patch Management, the bank can deploy thousands of patches without manual input—helping it to rapidly shrink its attack surface.

Our proof of concept with VMDR convinced us that we’d found the answer to our vulnerability management challenges. Using lightweight Qualys Cloud Agents deployed across our infrastructure, VMDR detected ten times more vulnerabilities than in the same period the previous year. Crucially, TruRisk enabled us to prioritize those vulnerabilities—helping us to focus on the highest-risk items.

Qualys Difference

Transitioned from a reactive approach to a proactive, risk-based methodology for vulnerability management
Gained end-to-end visibility across the vulnerability management lifecycle, from discovery to remediation
Automated the tracking and assignment of remediation tasks integrated into ServiceNow, replacing manual, spreadsheet-based work
Increased the visibility of potential threats, including thousands of previously undetected vulnerabilities
Streamlined patching processes, enabling a lean vulnerability management team to handle a larger volume of remediation tasks
Automated vulnerability change requests to align with ITIL best practices

The Business

70% of critical and high vulnerabilities remediated within just 30 days, helping the bank meet its SLAs

54% faster MTTR for servers and 68% faster MTTR for workstations, reducing the risk of a breach

95% decrease in workstation-related vulnerabilities and 51% reduction in server-related vulnerabilities, shrinking the attack surface

75% reduction in full-time equivalents assigned to vulnerability management activities, freeing up resources to focus on additional security tasks

96% accuracy on CMDB after adding previously unmatched CIs

Patch Management is a real game-changer for Banco PAN. We can automatically deploy patches to all parts of our estate, from our Windows workstations to our Linux cloud environments. This decreased our risk exposure and increased our efficiency as it freed up our analyst to focus on additional security tasks.