Information Security Executive (ISE) West finalists and winners were announced in a gala event in San Francisco last night held by T.E.N.-Tech Exec Networks, Inc. The awards recognize executives and projects with outstanding achievements in risk management, data asset protection, compliance, privacy and network security.  Today we’re happy to congratulate Drew Maness, vice president of worldwide content protection and anti-piracy, Technicolor, who won the ISE West People’s Choice Award. The award represents the nominee who best exemplifies information security leadership as voted on by the registered attendees. Drew was also recognized as a finalist in the Executive of the Year Category.

Drew’s achievements have focused on ensuring the company is using the best products and technologies for its security and risk needs, including adopting the most advanced devices to improve physical security, and deploying QualysGuard to automate vulnerability management across the company. As a result, Drew has served as a business partner for business owners at Technicolor, enabling their activities while ensuring that systems remain as secure as possible.

QualysGuard Express has been awarded the SC Magazine Europe Award 2010 for Best Small and Medium Enterprise (SME) Security Solution. The award was announced at the SC Magazine gala dinner held at the Wyndham Grand London in Chelsea Harbour on April 27, 2010.

"QualysGuard Express brings us the simplicity of deployment and use while providing a continuous, very comprehensive and accurate assessment of our security and compliance posture," said Barrie Ainsworth, head of IT for Kiddicare. "Furthermore as Qualys continues to deliver additional services to its platform, we are seeing that QualysGuard is a very good longterm investment."

Click here to read the full news release.

With more than 100 manufacturing and services facilities in 27 countries, 12,000 employees, and $4.5 billion in annual sales (2008), Manitowoc has global reach. It is recognized as one of the world’s largest providers of lifting equipment for the global construction industry, including lattice-boom cranes, tower cranes, mobile telescopic cranes, and boom trucks.

Maintaining the global IT infrastructure necessary for Manitowoc’s business operations is vital to the company’s continued success. A central part of those efforts is ensuring that its hundreds of servers and thousands of workstations are maintained within its internal IT security policy, that misconfigurations are spotted and fixed, and that outdated patch levels are made current.

"We wanted to make certain we were approaching our vulnerability management program as effectively as possible," says Subash Anbu, CIO at Manitowoc. "That meant evaluating a number of vulnerability assessment solutions and then picking the one best suited for managing a global infrastructure such as ours."
 
"QualysGuard gives us a comprehensive view of all of our endpoints around the world," says Kevin Sonnemann, IS Security Analyst for Manitowoc. "Now we’re always aware of the security posture of our systems, and QualysGuard provides a way to consistently audit to make sure administrators are getting the patching done."

"The distributed nature of QualysGuard, and the way our scanners are deployed around the world, definitely makes it easier too. Each scanner is always the same and the security checks always up to date," he says.

Click here to read more about why Manitowoc selected QualysGuard to help the company manage global risk more effectively. 

Ideal Innovations, Inc., (I-3) is a consulting firm that specializes in scientific, engineering, and security technologies designed to protect lives, enhance survivability, and enable more efficient operations. Since its founding in 1998, I-3 has grown from two employees to more than 300, with personnel also located in West Virginia, Texas, and overseas in both Iraq and Afghanistan.

Along with that growth in size and scope, I-3’s dependence on business-technology systems has grown. And the reality is that small and mid-sized businesses today, such as I-3, are faced with daunting security pressures.That’s the challenge John deGruyter, senior network security engineer at I-3, had to meet. As I-3’s business grew, so did it’s need to better manage the vulnerabilities on its IT infrastructure. For its vulnerability management efforts, I-3 had been relying on a set of various commercial and open source tools to keep its systems secure.  To improve efficiency, I-3 elected to try QualysGuard Vulnerability Management (VM), from Qualys Inc.

"While we were testing QualysGuard, a serious client-side vulnerability had just come out. The day after the vulnerability was announced, QualysGuard VM was able to detect it," explains deGruyter. "QualysGuard’s expedient response time was significant for us as we looked for ways to better protect our end users," he says.

"Another of the strengths of QualysGuard that immediately stuck out was the ability to securely run scans on our other locations. Our previous scanner required much more maintenance and required us to log in to multiple locations," he adds. "It would sometimes take 10 minutes for the vulnerability scanner to download the latest updates and be ready to scan.  QualysGuard is fast. Just logon, select what you want to scan, and go," says deGruyter.

Click here to read more about how I-3 ensures that its systems are hardened in the most cost-effective and quickest way possible.

The greater Los Angeles metropolitan area has noticed and rewarded First Federal by helping it grow to the fourth largest Los Angeles-based financial institution, with thirty-nine branches and assets exceeding $6 billion.

To ensure that its systems are both secure from breaches and always available to its customers, the bank’s IT and security team relies on QualysGuard.

"QualysGuard is accurate and easy-to-use," says Brian Rodeck, vice president, technical services manager at First Fed. "We wanted to have as current and as accurate a view of the status of our systems as possible, and that requires automated assessments and an up-to-date database."

"QualysGuard’s reports help us to focus on the areas we need to. For instance, we can generate reports that give business managers the information they need to know, or we can create reports that will help us to focus on any critical, pressing vulnerabilities. It helps us know what matters right now," says Thomas Tse, network security officer at First Fed. "When QualysGuard finds a vulnerability, it doesn’t just kick out an alert that states 'you have this vulnerability' — it details how that vulnerability can be secured."

Click here to read more about how First Federal assesses its vulnerabilities with QualysGuard.

Since 1997, online payroll and HR services provider Paylocity has delivered innovative payroll services and human resource software to employees and businesses throughout the country. Paylocity now serves nearly 5,000 clients and maintains an enviable 97 percent client retention rate.

Previously, to keep systems secure, Palyocity relied on a number of manual vulnerability scanners. But, as the number of systems and the complexity of applications grew, those scanners could not keep pace.

"They required a lot of updating and maintenance. And there were too many false positives for us to deal with," recalls Edward Fortune, director of information technology at Paylocity. "I read about Qualys in an article that listed the top 10 vulnerability assessment tools, and QualysGuard was high on the list." After conducting the first assessment, Fortune was impressed. "I was simply amazed by how many items QualysGuard was able to accurately identify," he says.

"The information QualysGuard provides is something that normally would take me an entire day, or even a week, depending on how many vulnerabilities we’re managing, if I were to research all of that manually," he says. "Now, it’s done in hours. And I understand everything: the problem, the potential exposure, and all of the available fixes. This is a significant amount of time savings, month after month, especially when you consider the amount of effort it takes to manually identify vulnerabilities and research the potential impact of vulnerabilities on your system. It’s just tremendous."

Click here to read more about how Paylocity efficiently and effectively maintains the security of their systems.

Originally founded in 1999 as the Web portal Furniture.com, the company quickly became the furniture industry’s leading e-commerce destination. Building on that success, Blueport Commerce took its decade of experience and developed an e-commerce platform designed for big ticket retailers including furniture, flooring and lighting, to help them deliver increased profits. Blueport Commence now services more than 2,000 stores that represent more the $8 billion in sales.

Every day, Blueport Commerce processes credit card transactions made on its customers' sites, so it must comply with the Payment Card Industry Data Security Standard (PCI DSS). Additionally, its retail customers need the assurance that Blueport Commerce’s systems meet the highest security standards.

"Contending with security and compliance is a by-product of being an e-commerce company, and is an ever-growing concern," says Morgan Woodruff, chief operating officer at Blueport Commerce. "Compliance and security are must-haves in our market segment, so we have to do our best to meet, and even exceed, rules and regulations."

"We scan our entire public IP network every night," explains Fotios Magoufis, director of IT operations at Blueport Commerce. "Through automated, segmented scans we are constantly assessing the infrastructure. We’re very pleased with our decision – Qualys has lived up to its reputation for being the best security and compliance product on the market."

Click here to read more about how Blueport Commerce remains compliant with PCI DSS and assures their customers that its systems operation to the highest security standard. 

Ranked as one of the oldest and largest top public research universities in the nation, University of Utah’s IT infrastructure consists of thousands of servers and tens of thousands of endpoints totaling more than 30,000 individual IP addresses.  

Like most regulated organizations, the university’s IT security and compliance teams are always under pressure to ensure that the business is running both secure and within compliance.

The network assessment tools the university had relied on were not only inaccurate, but wouldn’t enable functional automated scan cycles. They’d also, often times, crash the systems being evaluated.

"Our security program is finally getting to the point we wanted to reach all along: where the vulnerability scans are transparent, said David Feyler, manager of information security operations for the University of Utah. "It’s as if there was this angst when the security team showed up before, and, 'oh no, we are going to get scanned again. That’s all gone now."

Click here to read more about how QualysGuard was able to reduce the University of Utah’s IT risks associated with system misconfigurations and vulnerabilities and achieve automation, accuracy, and transparency.

Moving away from manual network assessments to an automated vulnerability management program, OfficeMax Mexico, which manages 78 OfficeMax Superstores throughout the country, streamlined PCI DSS compliance and also improved the accuracy of its assessment scans.

"QualysGuard has been easy for us to deploy, and makes it possible for us to secure our systems, save time, and maintain PCI compliance more easily," said Ricardo Rodriguez, Information Security Manager for OfficeMax Mexico.

QualysGuard provides OfficeMax Mexico a proactive way to protect the company’s network throughout the entire vulnerability management lifecycle, including asset discovery, asset prioritization, vulnerability assessment, and analysis, remediation, and fix verification. And its highly flexible, on-demand architecture means that it’s easy for each of OfficeMax’s team members to successfully meet their individual security responsibilities.

Click here to read more about how OfficeMax Mexico streamlined PCI DSS compliance and improved the accuracy of its assessment scans.

Keeping organizational IT security risks low requires careful planning, diligence, continuous execution of a risk management program, and the support of every employee. One of the most important aspects of ING Singapore’s security management program has everything to do with keeping every employee informed, through an ambitious security awareness program.  ING Singapore invests significant effort to make sure its networks and systems are configured properly and protected by various layers of defenses, which include anti-virus applications, intrusion detection and prevention systems, and data leakage applications.

"Vulnerability assessment is an important activity within our security management framework," says Mangaraja Saut Martua, Manager, Information Protection and Business Continuity Management for ING Singapore. "It’s how we find systems that are not in policy, locate those that need software patches, and then verify that our patches have been installed properly." For ING Singapore, with 1,000 systems, that’s no small task. For vulnerability assessments, Martua uses QualysGuard, from Qualys Inc. "QualysGuard provides us with very precise reports on which we can act quickly."

Click here to read more about how ING Singapore assesses its vulnerabilities with QualysGuard.