How SaaS Platform Qualys® Helps Financial Institutions Maintain Transparency & Integrity with Its Integrated Security Solutions

In a Nutshell: With the continual evolution of online threats comes a constant need for more advanced forms of online protection. This is particularly true in the financial space, as the obligation to protect data is compounded by the fact that financial institutions have sensitive monetary transactions to protect to maintain customer confidence. The Qualys Cloud Platform works by not only scaling in real time to quickly respond to threats, but it allows users a “a single pane of glass” view of the security of their IT assets where that data resides. And since it’s cloud-based, it doesn’t require any upfront investments in infrastructure. Analyzing more than 1 trillion security events per year, it’s clear why more than 9,300 organizations in over 120 countries trust Qualys to protect their data. //

In today’s digital world, one of the biggest challenges financial institutions face is ensuring that sensitive data is protected from online threats. Up until fairly recently, businesses would store financial information internally on mainframes. Breaches were infrequent because there was often no external access to assets. As financial institutions have evolved, however, and have become heavily reliant on the IoT (Internet of Things) for customer banking services and credit file storage, the risk of personal data being compromised has increased dramatically.

The Qualys Cloud Platform is a cost-effective security solution that’s easy to set up and operates in real time to help businesses ensure that threats are avoided before they turn into actual attacks. It requires minimal day-to-day maintenance to work optimally, and it’s a very user-friendly system. We recently spoke with Mark Butler, Chief Information Security Officer at Qualys, about the platform.

“What our clients love most about us is we scale quickly, we don’t require up-front investments, and we have a single platform that they can access to look at data regardless of which application module they’re looking at,” Mark said.

Qualys is a key tool for financial institutions, scanning and detecting vulnerabilities, providing detailed reports, and advising on which to remove. One of the most appealing aspects of the service is that it responds to threats in real time and does it all on a single cloud-based platform. This includes protection like malware detection, asset views, and web application scanning.

“We help them understand what they have, what kind of condition it’s in, where they need to focus their improvement efforts,” Mark said. “We then help them to maintain their compliance over time.”

Having Qualys on board can be likened to having another employee on the team who never tires of monitoring hackers, documenting threats, and resolving issues across numerous hardware and software platforms. It enables businesses in the financial space to simplify their security operations, lower their overhead, and maintain a maximum level of online security, providing customers with peace of mind that their financial data remains safe.

“Qualys has been around since 1999,” Mark said. “We’ve been a SaaS platform ever since we started. Our focus has always been on helping enterprises, institutions, or financial services, regardless of the vertical.”

Few, if any, businesses these days are free from the risk of online threats, and most of those who work in the financial industry are keenly aware of how sensitive the information is that they store. Online security platforms have been evolving to detect more elusive threats, but many of the solutions are far too complex for the everyday user, and they can be time-consuming and costly to deploy.

“Part of the reason I came over to Qualys was to help with product strategy and alignment, and to make sure our roadmap was correct,” Mark said. “But I’m also here to help with getting our messaging out to the CIOs and the CSOs who know Qualys as a vulnerability company, but don’t know it as well as they should as a security platform company.”

One of the advantages of using Qualys is that it combines more than 10 applications into one suite.

Qualys has managed to successfully help its customers consolidate their security solutions into one platform. The platform leverages more than 10 applications and covers everything from web application security to network vulnerabilities and web application firewalls. By consolidating all of these functions, customers have one simple tool doing all of the work behind the scenes, thus meeting the needs of the evolving landscape without requiring an excessive number of security solutions.

“What we’re trying to do is get the visibility of all the applications and all the capabilities that we have within our whole suite,” Mark said. “Because there are a lot of capabilities that people are just unaware of or don’t know we have. We can take advantage of helping them not only reduce these security stacks, but we can simplify their environment.”

With subscription-based services from Qualys, users have the option to choose from three distinct cloud solutions — one geared toward small businesses, one toward mid-sized businesses, and one for global enterprises.

“The scale points to the cloud offering; using the cloud service, you can scan as many assets as you want and there’s a single console to go through for reporting,” Mark said. “There’s no additional hardware to invest in and deploy.”

Subscriptions are based on factors like a business’s number of IPs, web applications, scanners, and users. Subscription-based services help businesses streamline even more with no equipment or servers to install or maintain.

“There’s very limited ramp-up time, very little effort to get it going, and there’s not the traditional building of servers, building of reporting engines, having storage on the back end, or all of the traditional IT project work that you would typically have to go through with any large-scale, on-premise security solution,” Mark said.

Financial businesses continue to grow in the digital space with no signs of slowing, and their compliance and security needs are growing alongside them. As a result, the need has become even greater to recognize threats before they cause problems.

“If you’ve been following security for any length of time, you’ll notice that there’s either a swing toward prevention, or toward detection, or toward response — depending on the attacks of the day and where people are headed,” Mark said. “But we need it all — we need to protect what we can, and we need to detect anything that doesn’t get prevented, and we also need to be able to respond effectively.”

Qualys is continuously fine-tuning its products to move toward more prevention capabilities. This way, the software can respond by working to stop threats in real time versus having a team or analyst collect data to provide an independent action plan, which can be labor-intensive.

While there are many great SaaS tools on the market to help keep businesses safe online, few work as efficiently as Qualys, or for as little overhead. The platform helps companies in the financial space manage their threats efficiently so they can tend to other important areas of their business without the hassle of overly complex security tools.

Recently, Qualys worked with Capital One, helping the company from a security visibility standpoint as it was digitizing its products. Both companies co-presented at the Gartner Security and Risk Summit in National Harbor, Maryland, in June 2017, where Mark was joined by Reid Shelton, Senior Director of Vulnerability Management Operations at Capital One. The two spoke in detail on best practices for securing digital transformation, thus enabling digital innovation.

“They’re going through their transformation on a product services standpoint,” Mark said about Capital One. “We came in as a security solution platform to give them the visibility they need on the public cloud infrastructures.”

Qualys remains on the cutting edge of online security in the financial space as it continues to provide industries and enterprises, like Capital One, with the tools needed to achieve visibility across all IT assets, stop online threats in real time, and identify whether they’ve been compromised. All of this is done in a single view, free from infrastructure maintenance, thus simplifying the entire process and helping businesses maintain customer confidence in protecting financial data.