In recent years, BRAC Bank has driven a far-reaching digital transformation—equipping it to offer responsive, high-quality online services both to corporate clients and retail customers. As the bank’s digital channels have evolved, the frequency and sophistication of cyberattacks have also grown significantly, creating new information security challenges for the organization.
B M Zahid ul Haque, Head of Information Security at BRAC Bank, explains: “Hackers are constantly finding new ways to access internal corporate networks. One popular method for cyber attackers to exploit is the lead time between discovering a software vulnerability and remediating it. Many vulnerabilities act as back doors into key systems, allowing hackers to bypass normal security measures such as the corporate firewall. To defend against these types of attacks, addressing threats promptly is crucial.”
Through its commitment to product innovation and customer service, BRAC Bank has built up a strong reputation in its marketplace. To safeguard its reputation—and to meet evolving regulatory standards around information security—the bank aimed to enhance its approach to vulnerability management.
“Regulatory requirements in Bangladesh and international frameworks such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001 all mandate regular vulnerability scans to help protect sensitive customer data,” continues Haque. “In the past, we relied quite heavily on manual systems and processes for vulnerability management, which meant it took a significant amount of time and effort to generate consolidated reports and get a clear view of our risk exposure. To meet the latest regulatory requirements and safeguard our hard-won reputation, we decided to look for a more efficient approach.”
After an extensive evaluation of several leading vulnerability management solutions, BRAC Bank selected Qualys Vulnerability Management. With the Qualys solution, BRAC Bank gains an end-to-end solution that helps protect its information systems from cyber threats.
“Following a request for proposals, we formed a cross-functional team to assess the performance of each potential solution against a number of key technical and operational criteria, including functionality, scalability, support, and total cost of ownership,” recalls Haque. “Of all the solutions we considered, we felt that Qualys Vulnerability Management was the best fit for our organization. As well as delivering outstanding results in our proof-of-concept exercise, Qualys has a solid track record of successful implementations in the banking industry—giving us confidence that the solution would meet our vulnerability management needs in the long term.”
Why BRAC Bank chose Qualys:
Working with trusted cyber advisory and solutions partner OneWorld InfoTech, BRAC Bank configured the Qualys solution to deliver a 360-degree view of its cyber risk.
With real-world intelligence from Qualys, BRAC Bank prioritized the most severe vulnerabilities, helping it to target remediation efforts where they are needed most. Using the data from automated scans from Qualys Vulnerability Management, the bank was easily able to extend the solution to scan web applications, gaining instant visibility of all systems at risk. The bank also deployed Qualys Policy Compliance, which leverages the collected data to ensure that each system is configured to meet the applicable regulatory standards.
Haque comments: “We have around 8,000 endpoints in our IT environment. Some of these—such as employee laptops—only come online at certain periods in the day, which means they could be missed by a scheduled scan. By deploying lightweight Qualys Cloud Agents to these devices, we receive timely data on vulnerabilities as soon as they come online, which helps ensure every part of the estate is protected.”
Since partnering with OneWorld InfoTech to deploy the Qualys solution, BRAC Bank has achieved its goal of strengthening its approach to vulnerability management. By switching from ad hoc scans and manual reporting methodologies to a highly automated solution, the bank’s security operations center gains the deep risk insights it needs to identify, monitor, and shut down threats before they can be exploited by cyber criminals.
“Armed with data from Qualys, we can make fast, better-informed decisions on information security,” confirms Haque. “By using Enterprise TruRisk Platform Apps to automatically scan our on-premises systems, we’ve achieved enterprise-class vulnerability management capabilities extremely cost-effectively, which allows us to keep our IT team lean and free our personnel to focus on value-added activities.”
Building on a complete inventory of all IP-connected devices on its network, BRAC Bank can understand its current risk exposure, define the target level of risk, and track its progress toward that objective. In this way, the bank is uncovering the strengths and weaknesses of its information security strategy and optimizing its investment in cyber capabilities.
“Hackers are always looking for new and more effective ways to penetrate banking systems, but Qualys lets us stay one step ahead,” says Haque. “The implementation went quite smoothly, and support from our internal teams and higher management was key to making it happen. Our management has a sharp focus on security and provides continuous support and guidance.”
Haque concludes: “Thanks to our work with Qualys and OneWorld InfoTech, we can protect customer data—and our leading reputation—from cyber criminals 24/7. We’re extremely pleased with the results we’ve achieved so far. Cyber security is a journey, and Qualys solutions will definitely boost our capabilities as the bank’s digital transformation continues.”
“Cyber security is a journey, and Qualys solutions will definitely boost our capabilities as the bank’s digital transformation continues.”
Head of Information Security, BRAC Bank