INDUSTRY: Financial Services
BUSINESS: Retail and Commercial Banking
SCOPE: New Orleans metropolitan area
SIZE: 200 employees, nine branches
BUSINESS CHALLENGE: Cost-efficiently strengthen the security of bank networks, computers and applications.
OPERATIONAL HURDLE: Better manage vulnerability assessment and remediation processes.
SOLUTION: Qualys Express enables cost-efficient, on demand vulnerability management.
WHY THEY CHOSE QUALYS:
- Effective, cost-efficient solution
- 3rd party documentation of vulnerabilities
- Easy to use Web-based solution required no infrastructure to deploy or manage
First Bank & Trust
Qualys Helps Metropolitan Bank Document Compliance
and Manage Business Risk
Strengthening the Bank's data security program was the first priority in Daniel Hereford's new job as Data Security Officer at First Bank & Trust. The private community bank in New Orleans is growing rapidly, so ensuring the security of growing networks is critical for protection and privacy of customer data.
“Not only do we use Qualys to perform all of our vulnerability assessments, it also helps us demonstrate compliance with financial regulations and manage overall business risk.”
Data Security Officer at First Bank & Trust
The bank was looking to strengthen and widen its protections and security precautions, says Hereford. “That's why we looked for a third-party solution to help find and fix vulnerabilities.” Hereford evaluated four products and chose Qualys.
Hereford says the Bank had previously used an open source tool, but found it was limited in capabilities and provided no vulnerability management process. “Qualys has given us an automated formal process that is sophisticated, detailed, accurate and recurring.” First Bank and Trust is in the early stages of its Qualys deployment but expects this level of service to continue.
“Now we have direct control over assessment and remediation -- and a truer picture of security for the Bank's management,” Hereford says. He uses reports from Qualys to identify and manage risk and what it takes to mitigate those risks. Reports are also used to help demonstrate compliance with the Gramm-Leach-Bliley Act for F.D.I.C. auditors. “The credibility of third-party security audit documentation is an important part of compliance,” he says.
Hereford says the on demand Qualys service requires no extra infrastructure or Bank overhead to run and provided a quick return on investment. “We have to watch our budget. Qualys was the most effective product that offered us the broadest benefits for the cost,” says Hereford.