
Cembra Builds a Cutting-Edge Security Operations Centre to Protect Digital Banking Services

Using timely threat insights to shrink the attack surface and enhance security for mission-critical financial systems.

www.cembra.ch

INDUSTRY: Banking

BUSINESS: Cembra Money Bank is one of Switzerland’s leading providers of financial services, offering a wide range of products including loans, leasing, credit cards and savings accounts

SCOPE: National

SIZE: 1,000 Employees

BUSINESS CHALLENGE: As it continues to invest in its digital banking capabilities, Cembra is always looking for innovative ways to enhance its information security posture. How could the company equip its new security operations centre with the capabilities for success?

SOLUTION:

  • Qualys VMDR
  • Qualys Certificate Assessment
  • Qualys Continuous Monitoring
  • Qualys Global IT Asset Inventory (Global AssetView)
  • Qualys Policy Compliance
  • Qualys Threat Protection

Embracing Innovation

One of the leading financial services providers for Swiss residents, Cembra aims to nurture long-term loyalty by offering high-quality customer experiences. Increasingly, achieving this goal hinges on the bank’s online and mobile channels, which enable 24/7 access to products, services and support.

Because Cembra operates in a highly regulated sector, robust information security is crucial. The company is constantly striving to find better ways to protect its mission-critical systems and data, and harden its business against an evolving threat landscape.

George Necola, Team Manager, IT Security & Solution Design at Cembra Money Bank, explains, “To meet our regulatory obligations and comply with our own stringent internal security policies, timely access to accurate data is essential. Vulnerability management and threat analytics will be even more important as we plan for the next phase of our digital transformation, which will see enhancements to our mobile banking services and a future move to container platforms.”

Investing in Security

As part of its long-term security strategy, Cembra decided to build a hybrid Security Operations Centre (SOC). To empower the new SOC team to drive fast, well-informed decisions on cyber threats, the bank aimed to enhance its ability to identify, categorise, prioritise and respond to risks.

For a number of years, Cembra has relied on Qualys Vulnerability Management (VM)—part of the Qualys Cloud Platform—to drive its vulnerability management process. Based on its positive experiences with Qualys, the bank decided to build on its success by adding further capabilities to the platform.

“We operate a medium-sized, virtualised server and desktop landscape, with a mixture of Windows and Linux systems,” explains George Necola. “The bank has always been very satisfied with the accuracy of Qualys VM reports—so much so that we recently moved to the next generation of the solution, Qualys VMDR.

“We are a risk-based business, and we felt confident that Qualys could offer us solutions to enrich our existing information security data with additional risk insights. The aim was to help our SOC team to measure the effectiveness of the existing security policies, present this information to our information security board, and identify more effective ways to harden our policies going forward.”

Why Cembra chose Qualys Cloud Platform:

  • Enables rapid, accurate and fine-grained vulnerability scanning, helping Cembra to identify potential cyber threats.
  • Delivers automated alerts on vulnerabilities and misconfigurations, cutting response times and increasing alignment with internal security policies.
  • Empowers Cembra’s security operations centre to correlate external threat information against current vulnerabilities, enabling effective prioritisation of remediation activities.

Enhancing the Capabilities

Working together with teams from Qualys and Qualys business partner Ceruno, Cembra deployed Qualys Policy Compliance (PC) and Certificate Assessment (CRA). With Qualys PC, the SOC can assess configurations against benchmarks from the Center for Internet Security (CIS), and identify potential issues with operating systems, databases, applications and network devices. Combined with insights from Qualys CRA, Cembra can also determine if any of its systems are using out-of-policy certificates, and manage all the data from a single point of control.

In addition, Cembra has extended its information security capabilities with Qualys Continuous Monitoring (CM) and Threat Protection (TP). Today, Qualys CM provides real-time alerts on network activity that could indicate an in-process attack. At the same time, Qualys TP and VMDR help to correlate known external threats against Cembra’s asset inventory—allowing the SOC to more effectively prioritise remediation tasks.

“It’s extremely valuable to verify that our systems are appropriately patched and configured, and to track which certificates are due to expire, all from one pane of glass,” comments George Necola. “Crucially, these insights are dynamic. For example, if one of our engineers needs to roll back a system to an earlier state, we can immediately see that the server is out of policy and take the appropriate actions to remediate any vulnerabilities or misconfigurations.”

Planning for the Future

Looking ahead, Cembra plans to make more prioritisation data from Qualys TP available to the SOC, enabling faster responses to zero-day vulnerabilities and other important threats. The bank is also exploring the possibility of deploying Qualys Container Security (CS) to support its upcoming Kubernetes initiatives, installing Qualys Cloud Agents to deliver real-time asset data, and integrating the Qualys Cloud Platform with its continuous integration/continuous delivery (CI/CD) pipeline.

“We currently use a set of technologies to help maintain robust quality and security controls in our CI/CD pipeline,” says George Necola. “If we can replace these with a single Qualys solution, we will save a significant amount of management time.”

He adds, “In fact, Qualys is already helping us to avoid substantial amounts of manual work in our vulnerability management process. If we didn’t have an automation solution like the Qualys Cloud Platform, we estimate we’d need to hire three extra full-time equivalents for our security team.

“These capabilities are also a real asset when critical vulnerabilities emerge. For example, our Qualys solutions allowed us to instantly verify which of our systems were patched against a major Citrix vulnerability—ensuring that silos of knowledge in the organisation didn’t become a single point of failure for security.”

Ready for What’s Next

As it continues to invest in its digital channels, Cembra is confident that it has found the optimal information security partner to help protect its business from the legal, financial and reputational risk of cyber threats.

“The more targeted, accurate information we can provide to our SOC and Platform teams, the more effective they can be at hardening the organisation against potential risks,” concludes George Necola.

“In our years of working with the Qualys Cloud Platform, we’ve always found it to be stable, cost-effective, and insightful.”
George Necola

Team Manager, IT Security & Solution Design, Cembra Money Bank

“In our years of working with the Qualys Cloud Platform, we’ve always found it to be stable, cost-effective, and insightful. By harnessing automation from Qualys, we’re working to provide an auditable way to check that the appropriate security patches have been deployed, enhance the capabilities of our SOC team, and protect our customers 24/7.”