BUSINESS: Pakistan's largest converged services carrier, delivering a comprehensive range of telecommunications services to individual and enterprise customers.
SIZE: More than 20,000 employees
BUSINESS CHALLENGE: Lacking a unified approach to vulnerability management, Pakistan Telecommunication Company Limited found it difficult and time-consuming to detect and resolve security threats to its infrastructure.
Pakistan Telecommunication Company Limited uses Qualys Vulnerability Management (VM) to deliver in-depth insight into its IT assets and to provide automated, intelligent vulnerability scans of their internal and external IP addresses.
WHY THEY CHOSE QUALYS:
- Agility: Automated report generation enables detection of security threats within just 20 minutes
- Quality: Accurate, timely vulnerability assessments help reduce hardware outages by 20 to 30 percent.
- Efficiency: Prioritization enables staff to focus resources on resolving the most critical issues.
Pakistan Telecommunication Company Limited Adopts a Comprehensive Approach to Securing IT Assets and Strengthening Its Security Posture
By deploying Qualys Vulnerability Management, this Pakistani telecoms giant has reduced infrastructure incidents by 30 percent and gained a transparent platform for securing its most vital business systems.
As Pakistan’s largest integrated telecommunications service provider, Pakistan Telecommunication Company Limited (PTCL) offers a full spectrum of mobile and fixed-line telephone, data and broadband services to consumers. The company also acts as an infrastructure provider to other telecom operators and corporate customers.
“When it comes to risk management, Qualys VM is a fundamental building-block that will help to guarantee total security for PTCL’s most critical IT assets.”
Senior Manager (Security Operations Centre), Pakistan Telecommunication Company Limited
Business at PTCL is booming – the company has fought off fierce market competition to post a 31 percent increase in revenues in the first half of 2013 – but this growth has not come without its hurdles. As PTCL broadens its service portfolio and network coverage to serve an expanding customer base, maintaining high levels of security for the enterprise systems underpinning its operations has become increasingly challenging.
Shumila Hameed, Network Security Engineer at PTCL, explains, “We manage a complex IT infrastructure, which supports everything from enterprise resource planning (ERP) and customer relationship management (CRM) systems to email servers and databases. These systems are absolutely essential to the day-to-day running of the business, and we simply cannot afford for systems to go down or for data to be compromised.”
Taking Action Against Security Threats
Previously, PTCL lacked an established approach to vulnerability management, and relied on largely manual processes to monitor and address issues across its IT infrastructure. The company did not have full visibility of IT security risks and threats posed to its business applications. As a result, PTCL could not be sure that the appropriate steps were being taken to reduce risks and secure critical data.
“We knew that there were vulnerabilities in our network, but identifying them was difficult and time-consuming,” notes Ms. Shumila. “After experiencing a growing number of incidents where servers would crash or issues would be reported, we realized that we needed to make some changes to our network security strategy.”
To better safeguard its infrastructure against security threats, PTCL selected Qualys Vulnerability Management (VM) as its strategic solution for identifying vulnerabilities and automating the entire lifecycle of network auditing and vulnerability management.
Building a Better Picture of IT Assets
PTCL’s first step was to use Qualys VM to provide network discovery and mapping across hundreds of servers and IP addresses. With a clear picture of every network device and software application within its infrastructure, PTCL can better understand what the risks are for its assets.
“Qualys has given us a level of insight into our network that we simply did not have before,” says Ms. Shumila. “Using the solution, we have built a highly accurate map of our networks, subnetworks and IT assets. Now that we know which assets are live and available, we no longer have to spend time scanning inactive assets, which helps us take a more strategic approach to risk management.”
Targeting and Resolving Vulnerabilities Intelligently
Having gained better visibility of its IT environment, PTCL is now working to identify and fix vulnerabilities. The security team uses Qualys VM to run weekly scans of IT assets and perform ad-hoc scanning after deploying new applications.
Qualys VM helps PTCL to prioritize and fix vulnerabilities intelligently. Using a five-tier rating system, the solution ranks the severity of vulnerabilities from low to critical, enabling the security team to prioritize their remediation efforts according to the criticality of the vulnerabilities and threats.
“After performing regular scans on an initial group of servers with Qualys VM, we were able to completely eliminate all critical issues on these servers, which has been a huge boost”, remarks Ms. Shumila. “We are now working to ensure that our larger, current set of servers are correctly patched and protected. By prioritizing vulnerabilities, the Qualys solution allows us to focus our resources on the most important issues first, which is a big help for our small security team.”
In-Depth, Accurate Reporting
PTCL is using Qualys VM to create automated, detailed reports that are delivered to application teams via email. The reports alert users to any vulnerabilities that have been identified on the system, and offers recommendations for remediating these issues, making it easier for asset owners to stay on top of security risks. PTCL creates monthly reports for senior management, highlighting all vulnerabilities that have been flagged by the solution and detailing the current status of remediation plans.
“Qualys VM has made a huge difference to the quantity and quality of the security information that we manage,” explains Ms. Shumila. “We can clearly see what issues are present on our systems, and take appropriate action to resolve them. Even more importantly, we can demonstrate to business leaders that we have a well-planned approach to vulnerability management, which helps to build confidence that risks are being addressed properly.”
Strengthening Security for Critical Assets
With better visibility into vulnerabilities across its IT landscape, PTCL has been able to target problems faster and reduce the total number of vulnerabilities present in the infrastructure.
“While previously we struggled to identify threats, we can now find and remove vulnerabilities much more quickly and easily,” comments Ms. Shumila. “Within minutes, we can obtain a detailed report of the vulnerabilities across our network thanks to the powerful, automated reporting capabilities of Qualys VM. It would have been almost impossible to gain this level of insight in the past; with Qualys, we don’t even have to think about it – the solution takes care of scanning automatically.”
The team at PTCL is still working to address vulnerabilities throughout its computing landscape. With Qualys VM, the company has a powerful tool for managing evolving risks.
Ms. Shumila concludes, “We have seen significant improvements to the overall health of our IT infrastructure. By detecting issues and applying patches based on recommendations from Qualys VM, we have been able to reduce the number of server outages by around 20 to 30 percent. This means that we are better placed to provide business users with uninterrupted access to all the applications and information they need to work effectively. When it comes to risk management, Qualys VM is a fundamental building-block that will help to guarantee security for PTCL’s most critical IT assets.”