INDUSTRY: Financial Services
BUSINESS: illion is an independent provider of data and analytics products and services in Australasia, offering consumer and commercial credit registries as one part of the core financial infrastructure of Australia and New Zealand.
SIZE: 456 employees
BUSINESS CHALLENGE: illion relies on millions of sensitive credit records to deliver full-service customer management solutions to clients across Australasia. With the threat of cyber attacks on the rise, the organization looked for a more effective approach to vulnerability management because its previous toolset made it difficult to gain insights into all endpoints across its estate.
SOLUTION: Qualys VMDR® with integrated apps for asset identification and management, vulnerability management, threat detection and prioritization; Qualys Cloud Security Assessment, Qualys Patch Management, Qualys Web Application Scanning.
With comprehensive consumer and commercial credit registries for 20 million individuals and over 2.5 million active companies across Australasia, illion delivers full-service customer management solutions to clients in the financial services, telecommunications, utilities and government sectors.
illion is a data and analytics technology company heavily reliant on its digital systems to serve its customers. The company operates thousands of assets deployed on-premises and cloud platforms.
Eugene Ostapenko, Head of Information Security, Risk and Compliance at illion, explains the challenge of keeping these systems protected: “Our services are completely data-driven, and our records include sensitive data such as consumer credit histories. It’s vital that we protect this information at all times for regulatory as well as reputational reasons. However, you can’t protect what you can’t see—and our previous approach to vulnerability management made it difficult to identify and remediate all our at-risk assets.”
Why they chose Qualys:
illion looked for a fresh approach to vulnerability management to gain a comprehensive view of threats across its broad estate. At the same time, the organization aimed to enhance its ability to patch its systems—shrinking the attack surface and mitigating the ever-growing risk of cyber attacks.
Eugene continues: “COVID caused a significant shift in how our employees worked. We traditionally used an on-premises product to patch our workstations when people were in the office. However, when the laptops were outside our network, we could not reliably patch nor validate that they had been patched successfully. We wanted a way to extend maximum protection to all endpoints, regardless of whether they are inside or outside of the firewall.”
illion chose Qualys VMDR® with TruRisk to strengthen its security posture. Combined with Qualys Cloud Security Assessment, Qualys Patch Management and Qualys Web Application Scanning, the solution delivers end-to-end protection against threats from detection to remediation.
“We have a lean security operations team, so we’re always looking for ways to improve our data security by optimizing resources,” explains Ostapenko. “When building the business case for Qualys, one of the big advantages we could highlight was the breadth of capabilities and high level of automation. The Enterprise TruRisk Platform enables us to detect and remediate vulnerabilities across all our endpoints, whether on-premises, in the cloud, or connected to external networks.”
By deploying lightweight Qualys Cloud Agents, illion now gains near-real-time visibility of assets across its environment and the active vulnerabilities to which they are exposed. illion has shortened vulnerability detection from every 30 days to every 4 hours.
And with Qualys Patch Management, illion manages remediation activities from a single point of control, which shortens patching from days to hours.
“Qualys Patch Management is invaluable for protecting devices that are infrequently or intermittently connected to the network,” says Eugene. “Qualys helps us to reliably patch to laptops whether inside or outside our firewall.”
After more than two years of building on its capabilities with Qualys, illion has shaped an effective approach to vulnerability management that is helping the company to keep sensitive data protected 24/7.
"Attackers are always looking for ways to exfiltrate sensitive data, and high-profile breaches like the recent attacks in Australia underline the importance of having the right people, processes and systems in place for vulnerability management and assets completeness,” states Eugene.
Looking to the future, illion plans to further enhance its approach by embracing a risk-based remediation strategy.
“One capability of Qualys VMDR that we’re very excited to utilize is risk-based prioritization,” explains Eugene. “By using real-time threat intelligence and machine learning from Qualys, we’ll be able to identify the most pressing issues to remediate first—helping us better target our resources for the maximum security benefit.”
illion has evaluated and recently purchased CyberSecurity Asset Management (CSAM) to deliver deeper insights into its attack surface, and improve asset analytics, including planning for the upcoming end-of-life software.
“There are a couple of use cases for CSAM that we are very interested in,” confirms Eugene. “We have dozens of customer-facing digital services, and in an agile environment like ours, it requires substantial manual effort to keep up with the fast pace of change. With CSAM, we’ll be able to automatically identify and reconcile the exposed assets, making sure they are fully protected. We also use the solution to perform automated breadth checks on our endpoints - helping us verify that the required security toolset protects each system.”
For illion, the path to greater security began with a clear understanding of what the organization needs to protect.
“One of the fundamentals for information security is knowing what assets you have and what threats they’re exposed to,” concludes Eugene. “Qualys gives us a complete picture of the cyber risks across our environment. This empowers us to make better-informed decisions year after year and keep our sensitive data protected.”
“Qualys gives us a more complete picture of the cyber risks across our environment. This empowers us to make better-informed decisions and keep our sensitive data protected.”
Head of Information Security,
Risk and Compliance, illion