CaixaBank Relies on Qualys to Deal with Security Threats and Strengthen Customer Trust

Using Qualys Vulnerability Management, CaixaBank has reduced the time spent identifying and resolving system vulnerabilities, enhancing the protection of sensitive customer data and helping to prevent potential cyber-attacks.

Founded in Barcelona in 1906, CaixaBank has grown to become one of Spain’s major private banks, with more than 27,700 employees and 6,000 branches, and serving more than 13 million customers across the country.

CaixaBank has built its success on putting customer satisfaction ahead of everything else: providing effective and trusted service to customers is the company’s top priority. As part of this strategy, the bank places a strong emphasis on continuously improving the security of critical customer information and business systems.

Jordi André Vallverdú, Information Security Manager at CaixaBank, explains, “Our most valuable and important resource is customers’ confidential data, including information on financial operations, credit cards, and personal details. Failing to safeguard this information would put our leading position in the market at risk.”

The advent of new services has broadened the IT security risk profile for CaixaBank. As part of an on-going effort to better serve customers, the bank recently launched a number of mobile banking services, enabling customers to conveniently access account information and perform transactions on the go. With use of its mobile services taking off, the bank faced new challenges when it came to keeping customers’ information safe.

Jordi André Vallverdú comments, “We are now leaders in the mobile banking sector in Spain – a development that has brought new opportunities, as well as risks. For instance, certain mobile operating systems are prone to external threats, and we must ensure that we can eliminate any potential risk before it becomes service-impacting.

“We need to be completely confident that our security solutions provide adequate protection for our internal computing systems, especially those used to support mobile banking applications. We want to ensure that our customers are always kept safe when using our services, whether in branch, online or from their smartphone or tablet.”

Rapid and Reliable Risk Detection

Realizing that the previous tool for system monitoring and vulnerability detection did not offer a high enough level of performance to comprehensively protect all of the bank’s IT assets, CaixaBank looked for a new solution. Following an extensive product-analysis project, involving several different vendors, the bank selected Qualys Vulnerability Management (VM) as the solution best suited to its requirements.

Jordi André Vallverdú continues, “We had worked with Qualys in the past, and had full confidence that they could deliver the high level of quality and performance we needed. We were further encouraged by the ease of use and rapid deployment of Qualys Vulnerability Management; we could quickly get to grips with the tool and start protecting our systems right away.

“The Qualys solution comes as a standalone appliance, so it is easy to configure and manage. In fact, the appliance works so well that we have only needed assistance from Qualys support on one occasion, and they proved to be extremely professional and highly responsive.”

Continuous Monitoring and Bespoke Reporting for Enhanced Security

At the beginning of every month, CaixaBank performs a full scan of all its servers and thousands of IP addresses using Qualys VM. The bank has built separate views for different areas of the business – for example, home banking, financial services, credit cards – which enables it to see the potential impact of vulnerabilities on the relevant services.

“We use Qualys VM in conjunction with a software tool that we have developed in-house.” says Jordi André Vallverdú. “Any potential vulnerabilities detected by the Qualys solution are reported to this tool, so we gain a clear view of our security status across the entire system, all throughout the month, and can also narrow that view down to individual servers for greater precision.”

In this way, the security manager of each department can access a granular view of their own specific area, while Qualys VM monitors the overall infrastructure in an integrated and centralized way.

“The ability to create highly customized and department-specific security reports was, in fact, one of the key features that attracted us to Qualys VM, as each area of the business relies on different types of reports.” confirms Jordi André Vallverdú. “In particular, the Qualys solution helps us to structure our two core-business reports: a technical one, and a server-related one – for which Qualys VM enables us to identify vulnerabilities within the most critical servers.”

He continues: “We are highly impressed by the solution’s reporting capabilities, so much so that in the near future, we are planning to use Qualys VM to support us in setting up a new, crucial report for PCI Data Security Standards.”

Taking Faster, Targeted Action against Threats

With Qualys VM in place, CaixaBank has improved its understanding of vulnerabilities across its infrastructure, helping the bank keep IT systems and applications – including those used for mobile banking – safe from the risk of attack. This helps the bank to ensure that sensitive customer information remains totally protected at all times, enhancing customer trust and strengthening brand image.

Jordi André Vallverdú says, “Qualys VM tells us precisely what the problem is, as well as where it lies, and provides us with a complete and user-friendly set of instructions on how to fix it. The Qualys solution allows us to identify threats in a much more agile way, and tackle vulnerabilities much faster, which saves us considerable time and effort.”

Convinced by its positive experience with Qualys VM, CaixaBank is planning to adopt other Qualys solutions in the near future, as Jordi André Vallverdú explains, “At the moment we have plans to extend Qualys Web Application Scanning to our whole environment. This solution – working in conjunction with our existing comprehensive web scanning system – will help to keep cyber-attacks on web applications at bay, and give us an extra layer of protection against threats.”

He concludes, “Qualys VM was definitely the ideal choice for our requirements. The solution has helped us maximize protection and raise security levels throughout our business. We can tackle and fix vulnerabilities much faster and have total peace of mind that our systems and data are secure, even when our customers are performing financial transactions from a mobile device.”