Building an Industry-Leading Security Posture

Brasilseg gains deep insights into cyber threats across its entire IT estate with Qualys VMDR.

bbseguros.com.br

INDUSTRY: Insurance

BUSINESS: A company of BB Seguros, a holding company that concentrates the insurance, pension, capitalization and dental plans businesses of Banco do Brasil, Brasilseg operates in the Life, Housing, Rural and Mass sectors (Residential, Business, Condominium and Machinery and Equipment) with products sold at BB branches and on its digital channels. It has its own Relationship and Business Center in Franca (SP) and currently occupies first place in the accumulated insurance ranking in the country.

SCOPE: National

SIZE: 2,100 employees

BUSINESS CHALLENGE: Revamp the web application development lifecycle of Cisco's Government Trust and Technology Services group to make it more agile, collaborative, policy compliant, efficient and secure.

SOLUTION: Qualys Web Application Scanning (WAS)

To safeguard sensitive data for thousands of insurance policyholders across Brazil, Brasilseg used Qualys VMDR with TruRisk™ to extend vulnerability scanning coverage across all its IT assets—enabling complete visibility and fast remediation of cyber threats.

The Business Background

Because Brasilseg's insurance products protect thousands of people across the country, information security is a top priority. João Passos, Chief Information Security Officer at Brasilseg, confirms: “My team has a broad remit to manage our security posture and protect the company against potential threats—including everything from cyber risk and security governance to identity and access management. Maintaining our effectiveness in these areas is crucial, as any breach could have a significant regulatory and reputational impact on the business.”

Operating in a highly regulated sector, Brasilseg must ensure its compliance with information security and data governance requirements from Superintendência de Seguros Privados (SUSEP), Brazil’s domestic regulator for private insurance companies.

Passos continues: “Recently, SUSEP issued Circular No. 638/2021, which sets out new and more stringent requirements for insurance companies like Brasilseg to mitigate cyber risks. To ensure our compliance, we set out to analyze our existing policies and capabilities and identify areas for improvement.”

The BUSINESS CHALLENGE:

  • Brasilseg was regularly scanning its environment for vulnerabilities, but its previous tool had significant capability gaps
  • The previous tool was only able to scan around 50% of the total IT estate, potentially leaving endpoints exposed
  • The previous tool was unable to generate comprehensive reports on the organization’s overall security posture, increasing the risk of unpatched vulnerabilities.
  • Brasilseg’s previous tool was not able to measure the risk score or define the criticality of their assets based on context

The Qualys Solution

To rapidly achieve compliance with the latest information security requirements from its industry regulator SUSEP, Brasilseg replaced its previous vulnerability management tool with Qualys VMDR. An all-inclusive risk-based vulnerability management solution, Qualys VMDR with TruRisk enables the company to automatically discover assets, scan for vulnerabilities and prioritize remediation work based on risk and business criticality.

Passos says: “I’d previously used Qualys for over eight years in a security role at another leading business in Brazil, so I already knew first-hand how effective the solution is. By deploying lightweight Qualys Cloud Agents across our environment, we’re able to gain real-time data on vulnerabilities across all our systems—from servers to workstations to laptops.”

Working together with its trusted local technology partner Logical IT, Brasilseg configured VMDR to scan its environment automatically at regular intervals. By combining the solution with the Qualys CyberSecurity Asset Management (CSAM)solution, the company can visualize its attack surface and take targeted action to help ensure vital remediation tasks are completed in a timely manner.

The Qualys Difference

  • Enables rapid deployment with minimal training requirements, cutting time to value
  • Delivers real-time visibility of potential vulnerabilities across its assets
  • Helps ensure zero disruption for end users during vulnerability scans with ultra-lightweight Cloud Agents
  • Prioritizes high-priority remediation tasks automatically and enables effective tracking of open remediation tickets
  • Allows Brasilseg to quickly build custom reporting dashboards to track security metrics

The Business Benefits

  • Boosts vulnerability management scanning coverage from 50% to 100% of Brasilseg’s IT environment
  • Highlights threats wherever they reside in the estate, enabling the company to rapidly and effectively remediate vulnerabilities.
  • Provides accurate and comprehensive vulnerability management reports, facilitating internal and external audits
  • Helps Brasilseg achieve and maintain compliance with the latest regulatory requirements, including SUSEP Circular No. 638/2021

About Qualys

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings. For more information, please visit qualys.com. Qualys, Qualys VMDR® and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

“I feel like an ambassador for Qualys in Brazil, because whenever my peers talk to me about their vulnerability management challenges, I always recommend Qualys VMDR. It’s easy to deploy, user-friendly, and provides accurate, actionable information on vulnerabilities—wherever they are in your IT environment.”
João Passos

Chief Information Security Officer, Brasilseg