QSC 2022: Listening to the Voice of the Customer

It would be redundant to state that today’s threat landscape is growing increasingly sophisticated and erratic. With all types of attacks becoming “commonplace,” the baseline for normal is abnormal. Bad actors are taking advantage of whatever attack vector they can whether that is a phishing campaign or a ransomware attack, and organizations are falling victim. 

Cybersecurity is different than most industries. If we cannot deliver for our customers and they suffer a breach, damage to their business could be devastating – in some cases, to the point of no return. Putting customers first entails listening to their pain points, understanding the threat landscape, evolving to meet bad actors where they are and beating them to where they are going. What does a customer-first approach in cybersecurity look like and how can you enable customers to succeed in protecting their company crown jewels?

Pacific Dental Services leverages Qualys to empower developers

Nemi George, CISO for Pacific Dental Services is using Qualys Cloud Detection and Response (CDR) to protect his AWS workloads. Pacific is the back-office IT supplier for 900 different dental offices across 25 states and was looking to upgrade its existing security tools that weren’t very useful. He wanted to deliver a solid cloud-native security solution that would help stop the rising threats of phishing and ransomware and provide comprehensive coverage across Windows and Linux instances and defend against zero-day threats.

“I needed a tool that could respond quickly and that could be effective on the first day it was installed. I got sick of spending months tweaking my Data Loss Prevention tool, so it had to be easy to deploy. Qualys CDR provided an instant return on our investment.” George was also looking to integrate with his Palo Alto Networks equipment and support his Microsoft Office 365 collection of users. “Qualys has been very effective at stopping various threats. We tested it against our legacy security tools that were only able to detect 20% of the threats – Qualys found all of them and did its work in record time.”

“We wanted something that didn’t incur any production downtime and could provide real-time visibility of our core systems with low false positives. Qualys was able to show our cloud engineering and devops teams how to be more efficient because everyone could see the security issues at the same time. The engineers would fix their code themselves without having to be told what to do by the security team. The speed of change is essential and empowers the developers when they get an alert, even if they aren’t security experts, they know their devops tools.”

Mercury Financial uses Qualys as a source of truth for assets

Dlaine Miley, a senior cloud security engineer for Mercury Financial, uses various Qualys solutions as the single source of truth for all assets. Her team has built dashboards for seamless reporting to senior leadership on their overall risk posture and enables self-service aspects. “Departmental users can get data on their own which has reduced our TCO. We have seen a 21% overall improvement in mean response time, improvements in time to release our code and improved PCI compliance posture. Having Qualys has removed bottlenecks from our security teams. In addition, using risk prioritization has saved us 75% in time to do our remediation efforts since we can do a rapid triage of our vulnerabilities.”

Miley mentioned that her auditors now trust the Qualys-generated reports and “found them to be customizable, comprehensive, information-rich and efficient for auditing purposes. It puts us on a great footing for PCI DSS 4.0.”

Syntax leans on VMDR with TruRisk to educate customers on managing risk

Jose Najera works on the Vulnerability Management team for Syntax – a company that operates 12 data centers around the world, mainly supplying SAP and Oracle ERP solutions. He has been using various Qualys products for more than a decade and works directly with 500 security specialists at his customers’ sites to help reduce their risk profiles. He found that his customers were having difficulty doing asset inventories, with a series of manual processes – all of which meant they had a limited understanding of their risks.

“Our solution was to leverage VMDR with TruRisk,” he said. “We did daily lightweight discovery scans, tagging assets comprehensively and accurate asset scoring. Tagging was key to this strategy, making it relevant to the business so we could tell the right story to our C-suite and speak a common language.” Syntax also created dedicated dashboards to prioritize remediation actions and identify aging software along with software that required reboots to complete installation.