Eurasian Bank Keeps Digital Services Safe and Secure Against Cybercriminals
To protect digital banking services from security threats, Eurasian Bank deployed a cloud-based vulnerability and asset management platform. Today, the bank can monitor, identify and resolve potential issues quickly and more easily than before.
Headquartered in Almaty, Kazakhstan, Eurasian Bank offers customers — ranging from individuals to SMEs to large corporations — a wide portfolio of banking products and services. The bank operates 16 branches and 130 service centres across the country, as well as four branches in Russia. A market leader in the retail banking space, Eurasian Bank is regularly voted Best Bank in Kazakhstan by publications including Asian Banking & Finance, Euromoney and The Banker, and manages assets worth KZT 989 billion (USD 2.8 billion).
Defending Digital Banking Services
Customer demand for digital banking has grown considerably in recent years. Today, Eurasian Bank offers comprehensive internet banking services, enabling customers to check their balance, make payments and transfer money online. For Eurasian Bank, keeping customer information and business systems secure is of the utmost importance.
Victor Evdokimov, Chief Information Security Officer at Eurasian Bank, begins: "Digital banking channels are a common target for cybercriminals, so keeping them secure is a constant challenge. We have a variety of web applications in place for our different online services and to keep customers' money and sensitive information safe, it is absolutely critical that we protect all of these applications, as well as our entire IT infrastructure, against attack."
Previously, Eurasian Bank often struggled to detect and address potential vulnerabilities, as Victor Evdokimov explains: "Vulnerability management was a huge headache for the IT team. Without a dedicated management solution in place, we were unable to get a clear picture of where our IT systems may be vulnerable to threats.
"Similarly, we also struggled to gain a unified overview of the IT assets in our environment. Monitoring our IT infrastructure, which includes everything from desktops and servers to ATMs, across such a large number of branches without a dedicated solution was becoming increasingly difficult."
To ensure that customer-facing digital channels and mission-critical business systems were fully protected, Eurasian Bank wanted a quicker, easier and more comprehensive way to manage its assets and their vulnerabilities.
Why Eurasian Bank chose Qualys:
- Quick, easy and flexible deployment with cloud-based, SaaS model
- Comprehensive overview of entire network and its security status
- Less than one FTE required to manage assets and vulnerabilities thanks to automated scans
Taking Security to the Cloud
After evaluating products from a range of vendors, Eurasian Bank decided to deploy several solutions from the Enterprise TruRisk Platform, including Qualys Web Application Scanning (WAS), Qualys Vulnerability Management (VM) and Qualys Malware Detection (MD).
Victor Evdokimov recalls: "The Qualys solutions offered by far the most advanced vulnerability scanning capabilities of all the products we considered. The fact that the solutions are cloud-based was another key deciding factor.
"Because the Qualys solutions are available on a Software-as-a-Service basis [SaaS], we were able to get up and running very quickly. The Enterprise TruRisk Platform is a real plug-and-play system—there was very little we needed to set up and it was easy to integrate the Qualys solutions with our existing applications and platforms. What’s more, the easy scalability and flexibility of the Qualys solutions make them perfect for managing a large and growing infrastructure such as ours. Following the release of Qualys Cloud Agents, we can now get asset, configuration and vulnerability details in a matter of seconds, and quickly run scans without overloading the network."
Today, Eurasian Bank runs more than 10 scans daily using Qualys MD, Qualys VM and Qualys WAS. Victor Evdokimov comments: "We run basic malware and vulnerability scans every single day, and then more advanced scans on a weekly or monthly basis. The Qualys solutions scan our entire network for vulnerabilities and display the results from a simple, easy-to-use dashboard. This gives us a central viewpoint, enabling us to detect potential security threats much faster than in the past. Timely insight ensures that we can deal with any vulnerabilities quickly, helping us to prevent any security breaches."
The bank also deployed Qualys PCI Compliance (PCI) for continuous monitoring of its most critical systems in order to prove compliance with the Payment Card Industry Data Security Standard (PCI DSS).
"To comply with PCI DSS requirements we must show that there are no critical vulnerabilities on our core payment services," explains Victor Evdokimov. "Qualys PCI helps us do just that by monitoring payment services around the clock, enabling us to identify and then eliminate security issues as soon as they arise."
Reaching New Heights
Today, Eurasian Bank is making extensive use of the Qualys solutions. "Qualys has become a really integral part of our security strategy and infrastructure," says Victor Evdokimov. "By providing asset and configuration details from Qualys Cloud Agents and quickly activating VM and Policy Compliance (PC) modules for them, we can quickly get the information and security status of any device. Qualys VM is a key weapon in our arsenal against cybercriminals, while Qualys WAS is now a standard part of the process when we create new web applications for our digital banking services. All web applications are automatically scanned each month for vulnerabilities and malware infections, so we can be sure that our online channels are well protected.
"To prevent breaches by cybercriminals, it's extremely important to monitor our entire network for potential vulnerabilities and threats. The Qualys solutions provide us with a unified overview of our applications and infrastructure, as well as top-notch analytical tools."
He continues: "The quality of information delivered by the Enterprise TruRisk Platform is excellent. In particular, the vulnerability information made available by Qualys VM is very extensive, giving us the insight we need to take targeted action, fast. The Policy Compliance module is the most advanced I’ve ever seen. To set up an endpoint security policy and check IT infrastructure for compliance is easy and simple. In the past, policy compliance checks and vulnerability detection were difficult and time-consuming. With fully automated scans, Qualys VM and PC save us a significant amount of time and effort. Whereas we previously required a whole team of people to manage the network manually, now just one member of staff is responsible for vulnerability management – and they have a range of other duties, too. With the Qualys solutions, we need less than one FTE to keep systems secure, which helps to reduce operating costs."
Victor Evdokimov concludes: "Overall, we are pleased with the Qualys solutions as they make monitoring and managing our network quicker, easier and more effective. The Enterprise TruRisk Platform is integral to keeping our digital banking services safe and secure for our customers."