BUSINESS: WINDTRE is the number-one mobile operator in Italy and among the main alternative carriers in the fixed-line market. It is part of the CK Hutchison Holdings Limited group, the sole shareholder of WINDTRE.
BUSINESS CHALLENGE: Formed through a merger, WINDTRE faced the challenge of protecting its expanded enterprise from cyber threats. How could the company gain timely insights into thousands of endpoints?
WINDTRE is the number-one mobile operator in Italy and among the main alternative carriers in the fixed-line market. The company offers a comprehensive range of products, including mobile, fixed-line and internet services for consumers and businesses.
As a provider of critical telecom infrastructure and services, WINDTRE treats information security as a key focus area. With cybersecurity best practices continually evolving, it is vital for telecoms organisations to keep internal and external network endpoints patched and protected.
Prior to the merger that created WINDTRE, Wind and 3 relied on a mixture of different manual processes and systems to help detect, prioritise and remediate vulnerabilities. To safeguard sensitive data and systems across the expanded enterprise, WINDTRE knew that it would be vital to find a reliable and cost-effective approach to deliver these capabilities at greater speed and larger scale.
Guido Galli de Paratesi, Information Security, Cyber Intelligence & Defence, WINDTRE S.p.a, explains, “With the birth of WINDTRE, we saw our server estate double in size, adding thousands of new network endpoints to our environment. Growing the business created valuable new commercial opportunities for WINDTRE, but it also increased the need for cyber protection. As a result, we targeted a more integrated, automated and efficient approach to vulnerability management.”
In the past, the company’s business units relied on manual, resource-intensive scanning tools, which were typically unable to scan systems while they were running. With more than 6,000 servers and 7,000 workstations across the business, coordinating the process was a significant logistical challenge.
“We were looking for a solution that would enable us to scan our estate without the need to take our back-office systems offline,” continues Galli de Paratesi. “We were also keen to transition from a reactive to a proactive approach to vulnerability management. The aim was to take even faster action and close off potential threats.”
Why WINDTRE chose Qualys Cloud Platform:
After a careful evaluation of the leading vulnerability management solutions on the market, WINDTRE selected the Qualys Cloud Platform as its new company-wide solution.
“We were very impressed with the Qualys solution from several perspectives,” recalls Galli de Paratesi. “Qualys worked together with us on an in-depth proof-of-concept exercise, which helped us to put the solution through its paces and verify that it could accommodate our real-world use cases.
“On a technical level, the solution offers strong support for all the Windows and Linux operating systems in use across our business, including a number of legacy systems that would have posed significant difficulties for other technologies we considered. Most importantly, the Qualys solution can scan systems while they are running and present the findings in easy-to-digest dashboards for rapid analysis and action by our teams.”
Using Qualys Vulnerability Management with the lightweight Qualys Cloud Agent, WINDTRE has gained a 360-degree view into its entire inventory of network-connected assets and their potential vulnerabilities. Today, the Qualys Cloud Agent is part of all new workstation deployments and delivers fresh data every four hours.
“The insight we’re gaining from the Qualys solution isn’t limited to vulnerabilities—we’re also getting valuable information on the patching and configuration status of our assets,” comments Galli de Paratesi. “The Qualys Cloud Agent is so unobtrusive that it’s essentially invisible to our end users. Even by limiting the agent to a maximum of ten percent of a machine’s CPU resources, the solution gives us all the data we need to make informed vulnerability management decisions.”
Today, the Qualys Cloud Platform helps WINDTRE protect its back-office infrastructure 24/7.
“One of the most important benefits we see in the Qualys solution is the way it presents information,” explains Galli de Paratesi. “Especially for a large environment like ours, raw scanning data is all but impossible to interpret and act on quickly. Not only does the Qualys solution provide a complete inventory of our assets, but it also offers us the full remediation history of that asset and all the possible vulnerabilities.”
When critical security vulnerabilities are disclosed by vendors, WINDTRE is ready to identify its exposure and protect its systems.
Galli de Paratesi adds: “Using Qualys reports and dashboards, we can track the security posture and the potential attack surface of our assets over time, and prioritise actions based on the level of business risk. Being able to provide this clear visibility to our system owners allows us to patch systems that may be at risk quickly in a single pass—dramatically shrinking our cyber risk exposure.”
Building on its many years of success with the Qualys solution, WINDTRE continues to add new capabilities. When the COVID-19 crisis hit Italy in the early months of 2020, the company decided to deploy the Qualys Indication of Compromise (IOC) to help protect employees working outside of the corporate network.
“Like many countries in the spring of 2020, Italy implemented lockdowns to help contain the spread of the pandemic,” explains Galli de Paratesi. “With an unprecedented number of our employees working remotely, it was crucial that we could continue to protect our people, processes and systems from cyberattacks. Using IOC, we can automatically monitor network usage, identify potentially dangerous applications, and even quarantine suspect files.”
WINDTRE recently augmented its vulnerability management capabilities by moving from Qualys VM to Qualys VMDR: a single app for discovery, assessment, detection and response.
“Thanks to Qualys VMDR, we’re now beginning to realise our long-term goal of moving from reactive to proactive vulnerability management,” says Galli de Paratesi. “As well as empowering us to act faster on potential threats, the new risk-based approach is saving significant amounts of time behind the scenes. In this way, our lean team can focus on other value-added activities.”
Looking to the future, WINDTRE plans to explore additional opportunities to enhance its information security capabilities. The company is currently configuring Qualys Continuous Monitoring (CM) to perform weekly snapshots of its perimeter, totalling hundreds of ports across hundreds of thousands of IPs, to monitor and prevent potential risks.
Similarly, WINDTRE plans to expand its use of Qualys Web Application Scanning (WAS) and Policy Compliance (PC) to help ensure its systems are secured in line with internal best practices and external regulatory requirements.
“We greatly appreciate the Qualys team’s commitment to innovation. The long-term roadmap for the Qualys Cloud Platform is closely aligned with our own future vision for information security,” concludes Galli de Paratesi. “Thanks to our Qualys solutions, we have a single, trusted view to keep all of our network assets safe and our sensitive data protected at all times.”