illion enhances the security of sensitive consumer credit records
Leveraging integrated vulnerability and patch management workflows to gain better visibility of threats, shrink the attack surface, remediate faster and reduce risk.
Protecting millions of records
With comprehensive consumer and commercial credit registries for 20 million individuals and over 2.5 million active companies across Australasia, illion delivers full-service customer management solutions to clients in the financial services, telecommunications, utilities and government sectors.
illion is a data and analytics technology company heavily reliant on its digital systems to serve its customers. The company operates thousands of assets deployed on-premises and cloud platforms.
Eugene Ostapenko, Head of Information Security, Risk and Compliance at illion, explains the challenge of keeping these systems protected: “Our services are completely data-driven, and our records include sensitive data such as consumer credit histories. It’s vital that we protect this information at all times for regulatory as well as reputational reasons. However, you can’t protect what you can’t see—and our previous approach to vulnerability management made it difficult to identify and remediate all our at-risk assets.”
Why they chose Qualys:
- Discovers assets and detects vulnerabilities across all endpoints, both on-premises and in the cloud
- Enables reliable patching, even for endpoints infrequently or intermittently connected to the network
- Automates key vulnerability management processes, enabling a lean security team to protect a large employee community
- Delivers risk-based prioritization insights, empowering illion to focus on the most serious threats.
Aiming for 360-degree visibility
illion looked for a fresh approach to vulnerability management to gain a comprehensive view of threats across its broad estate. At the same time, the organization aimed to enhance its ability to patch its systems—shrinking the attack surface and mitigating the ever-growing risk of cyber attacks.
Eugene continues: “COVID caused a significant shift in how our employees worked. We traditionally used an on-premises product to patch our workstations when people were in the office. However, when the laptops were outside our network, we could not reliably patch nor validate that they had been patched successfully. We wanted a way to extend maximum protection to all endpoints, regardless of whether they are inside or outside of the firewall.”
Selecting an end-to-end solution
illion chose Qualys VMDR® with TruRisk to strengthen its security posture. Combined with Qualys Cloud Security Assessment, Qualys Patch Management and Qualys Web Application Scanning, the solution delivers end-to-end protection against threats from detection to remediation.
“We have a lean security operations team, so we’re always looking for ways to improve our data security by optimizing resources,” explains Ostapenko. “When building the business case for Qualys, one of the big advantages we could highlight was the breadth of capabilities and high level of automation. The Enterprise TruRisk Platform enables us to detect and remediate vulnerabilities across all our endpoints, whether on-premises, in the cloud, or connected to external networks.”
Comprehensive insights, effective patching
By deploying lightweight Qualys Cloud Agents, illion now gains near-real-time visibility of assets across its environment and the active vulnerabilities to which they are exposed. illion has shortened vulnerability detection from every 30 days to every 4 hours.
And with Qualys Patch Management, illion manages remediation activities from a single point of control, which shortens patching from days to hours.
“Qualys Patch Management is invaluable for protecting devices that are infrequently or intermittently connected to the network,” says Eugene. “Qualys helps us to reliably patch to laptops whether inside or outside our firewall.”
Defending against the latest threats
After more than two years of building on its capabilities with Qualys, illion has shaped an effective approach to vulnerability management that is helping the company to keep sensitive data protected 24/7.
"Attackers are always looking for ways to exfiltrate sensitive data, and high-profile breaches like the recent attacks in Australia underline the importance of having the right people, processes and systems in place for vulnerability management and assets completeness,” states Eugene.
Moving towards risk-based prioritization
Looking to the future, illion plans to further enhance its approach by embracing a risk-based remediation strategy.
“One capability of Qualys VMDR that we’re very excited to utilize is risk-based prioritization,” explains Eugene. “By using real-time threat intelligence and machine learning from Qualys, we’ll be able to identify the most pressing issues to remediate first—helping us better target our resources for the maximum security benefit.”
Assessing the attack surface
illion has evaluated and recently purchased CyberSecurity Asset Management (CSAM) to deliver deeper insights into its attack surface, and improve asset analytics, including planning for the upcoming end-of-life software.
“There are a couple of use cases for CSAM that we are very interested in,” confirms Eugene. “We have dozens of customer-facing digital services, and in an agile environment like ours, it requires substantial manual effort to keep up with the fast pace of change. With CSAM, we’ll be able to automatically identify and reconcile the exposed assets, making sure they are fully protected. We also use the solution to perform automated breadth checks on our endpoints - helping us verify that the required security toolset protects each system.”
Becoming more secure, year after year
For illion, the path to greater security began with a clear understanding of what the organization needs to protect.
“One of the fundamentals for information security is knowing what assets you have and what threats they’re exposed to,” concludes Eugene. “Qualys gives us a complete picture of the cyber risks across our environment. This empowers us to make better-informed decisions year after year and keep our sensitive data protected.”
“Qualys gives us a more complete picture of the cyber risks across our environment. This empowers us to make better-informed decisions and keep our sensitive data protected.”
Eugene Ostapenko
Head of Information Security,
Risk and Compliance, illion