INDUSTRY: Financial Services
BUSINESS: Insurance, financial services
SCOPE & SIZE: The oldest bank in Latvia. 6,896,000 Lats; 248 Employees
- Put into place a sustainable vulnerability management program
- Maintain compliance with PCI DSS
- Qualys Vulnerability Management
WHY THEY CHOSE QUALYS:
- As an on-demand service, Qualys VM requires no additional infrastructure to be deployed.
- Detailed network discovery and mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking.
- Software and security checks are maintained by a third party.
- Able to run as many assessments as needed without additional costs.
- PCI DSS compliance process is straightforward.
Trasta Komercbanka Reaps Vulnerability Management Dividends
For Trasta Komercbanka, traditional on-premise vulnerability assessment software just wasn't going to be as effective as Qualys’ Software-as-a-Service vulnerability management solution.
Trasta Komercbanka (TKB) offers its clients a full menu of financial services. In fact, all of its financial solutions are custom designed with attention to each and every detail of the needs of its customers. That's to be expected, for sure, from the oldest bank in Latvia. And that's exactly what TKB delivers – professionalism and trust.
Today, a crucial part of maintaining that trust is through the proper and secure maintenance of business-technology systems. To uphold its networks, TKB has roughly fifteen full time employees who oversee the bank's three primary networks. Securing its online banking system, as well as the records of the bank and its customers, is of critical importance.
A core tenet of an effective security program is vulnerability management. By consistently identifying and mitigating system vulnerabilities, such as software flaws and configuration errors, the infrastructure is kept within compliance and is substantially more resilient to attack. However, finding and mitigating system vulnerabilities is no easy task. Additionally, TKB bank – like many Latvian banks – is taking the steps necessary to ensure that it's compliant with the Payment Card Industry Data Security Standard (PCI DSS), which requires continuous compliance with a dozen security practices. These include maintaining firewalls, tight access control, encryption, and an ongoing vulnerability management program that ensures devices, systems, and applications are kept secure and up to date.
Vulnerability Management: On-demand found superior to on-premise assessment tools
To meet that challenge, TKB needed to find a vulnerability scanner – an application that evaluates networked devices for outdated software and system misconfigurations that would place them at risk of successful attacks. After evaluating a number of vulnerability assessment applications, Eugene Misnik, IT security administrator at TKB, had an important decision to make. "Some vendors suggested buying the software and then installing it, which requires purchasing additional equipment. Other vendors wanted to sell services and have them perform the assessments," Misnik explains. "Managing our own software and hardware, or having to outsource the assessments did not look cost effective in our evaluation," he says.
Through its Software-as-a-Service (SaaS) delivery model, Qualys provides TKB the detailed network discovery and mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking it needed. Powered by the most comprehensive vulnerability knowledge base in the industry, Qualys VM spots and helps to remedy the software flaws and system misconfigurations that make many attacks possible. Also, as an on-demand service, there is no additional infrastructure for TKB to deploy.
"That was one of the huge benefits of Qualys VM, the fact that it is the only vulnerability management solution that is provided as a Software-as-a-Service," Misnik says. "We have the advantage of the software and security checks being maintained for us, with the additional benefit of being able to run as many assessments as we need without any additional costs."
He continued: "At first we conducted tests on our external systems with Qualys. After witnessing positive results, we selected Qualys as our primary way to conduct vulnerability assessments for our internal and external systems.
"Qualys VM has proven its worth to us in our periodic network assessments and testing systems we needed to maintain PCI DSS compliance. The process is straightforward: we conduct the assessment with Qualys VM, our IT department receives the results with the description of all measures necessary for elimination of defects.
"Qualys has helped us achieve exactly what we needed to do for vulnerability management and risk reduction," Misnik says.