INDUSTRY: Life and Pensions
BUSINESS: Business process service provider for the life and pensions industry.
BUSINESS CHALLENGE: Continuing growth in an already diverse IT infrastructure was putting unsustainable pressure on tools and processes for identifying vulnerabilities. This service provider wanted to gain a 360-degree view of emerging threats to its systems.
WHY THEY CHOSE QUALYS:
As an FCA-regulated Third Party Administrator, this UK company provides business process services to companies in the life and pensions industry.
As one of the leaders in the provision of business process services to the life and pensions sector, this service provider must maintain a secure digital environment to ensure no interruption in delivery to its customers. Years of business growth had left the company with a diverse set of technology platforms to manage. As the company continued to grow and deploy new systems, the lack of standardisation made it increasingly difficult to monitor and remediate vulnerabilities.
The company’s spokesperson recalls: “We needed a number of different tools to check for vulnerabilities across different platforms and maintain the health of our network. As we experienced more and more growth, the tools we were using were increasingly inefficient in keeping track of the threats to our systems.
"Visibility of risks to our cyber security was the biggest challenge – our teams can’t fix threats if they can’t see them. We wanted an easy-to-use, one-stop solution to survey our whole environment, providing visibility of threats and information on the potential vulnerabilities across all of our systems. Keeping software updated with security patches was a key priority, as we need to maintain an industry-leading standard to continue our association with the Cyber Security Information Sharing Partnership (CiSP) – the body that gives us insight into the most serious threats to the life and pensions industry".
The time and effort required for the company to identify, prioritise and remediate digital threats was another problem. To support its ongoing growth and minimise risk to the smooth running of its customers’ outsourced business processes, the service provider looked for a solution to provide a 360-degree view of threats and vulnerabilities across its diverse infrastructure.
The Qualys solutions enable our teams to maintain a high level of responsiveness when reacting to emerging risks and vulnerabilities.
The service provider decided to deploy two solutions from the Enterprise TruRisk Platform portfolio: Vulnerability Management (VM) and Policy Compliance (PC). The spokesperson explains: "The Qualys solutions offered the most 'must-have' features, making our choice an easy one. During the evaluation stage, we saw that Qualys VM provides quick, accurate and easy-to-understand information."
He adds: "The data we receive from Qualys VM is of high technical value, and our teams process this data manually because of their familiarity with our infrastructure. Qualys also provides seriousness scores on any threat detected on our network, enabling us to prioritise our risk remediation in terms of criticality. We overlay our own threat prioritisation on top of the Qualys assessments, allowing us to quickly resolve those threats that have the most potential for damaging our systems. A great benefit here is that working with Qualys effectively gives us access to the knowledge and experience they gain from working with a large global customer base."
Using Qualys VM to scan more than 4,000 IPs – both physical and virtual servers – enables the service provider to understand both historical and emerging vulnerabilities. Critically, the solution makes it easy to prioritise remediation so that the company can focus its limited resources on addressing the most important remediation tasks first. The spokesperson comments: "The Qualys solutions enable our teams to maintain a high level of responsiveness to emerging risks and vulnerabilities. As well as our scheduled scans, Qualys VM allows us to run ad hoc scans across our network to avoid the threat of zero-day exploits and other vulnerabilities that are quick to appear."
Alongside the vulnerability management solution, the service provider uses Qualys PC to check the configuration of existing and new servers against corporate and industry standards.
The company's spokesperson reports: "Due to the size of our infrastructure, checking servers manually against templates would be highly impractical. Now we have Qualys PC in place, we are beginning to utilise it in the build phase of our new servers, not just in production, so we know our systems are up-to-date and in conformance with our standards as we roll them out. This is vital for us to meet the CiSP guidelines, and represents a massive time-saving for our IT staff."
Adopting the Enterprise TruRisk Platform has enabled the service provider to take back control over cyber security even as its network continues to grow and diversify.
The company’s spokesperson comments: “The visibility of our entire set of digital assets has been significantly improved. Our remediation teams can now gain access to a tailored snapshot of any environment through the easy-to-use reporting tools, helping them identify, prioritise and remediate any potential threats faster and more efficiently.
"The risk prioritisation from Qualys is a major help. An easy 1-5 severity ranking makes it clear which threats are seen as most critical worldwide. Working in conjunction with our own threat prioritisation protocols, this enables us to focus our efforts on fixing the most important items first; and more insight about our vulnerabilities can only help to streamline the remediation process".
The Qualys solutions offer the company unique functionalities to further streamline the identification and resolution of digital threats.
The spokesperson explains: “A really useful feature of Qualys VM is the ability to enable one-time configuration of our domain admin-level authentication credentials and maintain them securely, so that we can leverage them multiple times. Doing this work once rather than multiple times represents a large time-saving without compromising on security.
"Qualys PC has helped to simplify our processes too, giving us the flexibility to modify control values, fine-tune the compliance profiles and more easily adhere to industry guidelines, helping to keep us at the forefront of the life and pensions sector."