P&V Group is a Belgium based cooperative, providing insurance solutions to individuals, businesses, and the public. Faced with the growing threat of cyberattacks targeting financial institutions, the insurance group turned to Outpost24 for timely vulnerability identification and enhanced security governance
Industry: Insurance Products: Network Security
P&V Group Challenge
Building a robust vulnerability management program
Insurance is a highly regulated sector and growth can be impacted if security controls cannot be proved to clients and regulators alike. The security team at the P&V Group must combat this ongoing challenge by ensuring security is a priority throughout the business.
Carlo Werbrouck, Chief Information Security Officer oversees the security including its 1,700 employees and 600 distributed insurance agents, reporting to the group CIO and managing the security governance alongside key security strategies: physical and information security. All three elements are essential to the secure running of the operations and ensuring the business remains compliant with insurance regulations and proving security assurance to their large client base, which is key to achieving their 2022 security maturity targets in the business plan.
To maintain asset visibility and security governance for the entire organization, the P&V Group opted for Outpost24’s network security assessment tools to protect their infrastructure and perimeter. With discovery scans and continuous assessment, it ensures any issues and deviations identified by the security team can be communicated to IT and dealt with quickly in line with their security KPI’s and policies.
Before utilizing Outpost24 Carlo didn’t have structural access to the granular information around CVE’s and threats to direct his decision making. The information on vulnerabilities from yearly and ad hoc pen tests soon became insufficient as the attack surface changed, making it difficult to keep up with new risks.
“Outpost24 helps us better understand our overall attack surface. We needed the ongoing vulnerability data to know where we stood and take the right action to improve our security maturity. Without the baseline information from Outpost24 we wouldn’t have known where the biggest problems were and be able to progress and mature our security program.”
Carlo Werbrouck, Chief Information Security Officer
Carlo and his team now use this information to improve the security posture and prove compliance status for the insurance regulators and clients, which is also essential for the company’s cyber security insurance policy.
Outsourcing VM to increase security maturity and optimize efficiency
As the business grows Carlo encounters the same problems many CISOs face – security resource and skills shortages. Overwhelmed with the threat of a breach, compliance and a growing number of new CVEs, the security team needed a better understanding of their risks vs vulnerabilities and more manpower to handle the day to day work of vulnerability assessment. That’s when P&V Group decided to subscribe to Outpost24’s Managed Services vulnerability management program, so he can focus resource on more strategic projects and provide value add to the business.
“By investing in a managed vulnerability management service from Outpost24 we’ve achieved greater visibility on external threats through the daily vulnerability checks on our external networks. Outpost24 is invaluable to our business, providing the biggest source of information in relation to the dangerous outside world.”
Carlo Werbrouck, Chief Information Security Officer
NZZ benefits from automated scanning that continually checks for known vulnerabilities, with minimal impact to production. They can be confident that any critical issues discovered are flagged immediately for remediation, which is important for a media business delivering highly dynamic content in real-time. This removes the security bottleneck and ensures the security team is able to take a proactive approach to vulnerability management without getting in the way of development, which is essential for ensuring their online audiences receive the best experience at all times.
Erich comments, “The Outpost24 platform saves us time. The alerting feature means I can investigate any issues when notified, which is set up to match our business parameters and filter out irrelevant findings that clog up my inbox, helping my small team with multiple responsibilities to better collaborate with DevOps and prioritize vulnerabilities more coherently”.
Reporting and workflow efficiency are key to driving collaborations
The reporting function is vital for Erich and his team, as it enables them to quickly draw conclusions from the data and take the right actions in a guided approach. The report groups critical vulnerabilities by OS, server or port so they can quickly identify what needs to be fixed and where their biggest risks are. NZZ understands that keeping on top of every vulnerability is not possible, so Erich relies on Outpost24’s advanced reporting data to make smarter and faster decisions on remediation priorities to optimize resources and deliver a return on investment.
“Outpost24 helps the P&V Group to define what areas the IT Security teams need to focus on, and we have a better idea of the severity of these issues to prioritize. We monitor CVE’s and the reporting makes it easier for us to group these and grasp the highest risks. We find the reports are very user friendly and the Managed Services team are great to deal with and very supportive of our changing business needs.”
Carlo Werbrouck, Chief Information Security Officer
Looking ahead to 2021 and beyond
Maintaining company-wide security awareness is one of Carlo’s main goals in the New Year. Security awareness within the organization, from top to bottom, is essential for them to achieve the highest level of security maturity. Carlo comments, "Security used to be left behind and now we make it more interesting for people to understand and buy into. The Outpost24 Managed Services team have helped us immensely in providing the insights and tools to manage our risks more effectively which has had a positive effect throughout the P&V Group by making security a top priority”.
Carlo recommends a managed vulnerability management solution to outsource continuous monitoring of internet facing network and application vulnerabilities for companies looking to improve their security resilience. Through hard work and collaboration with Outpost24 they’ve reached a good level of security maturity, which is key to supporting the growth targets set by the board by 2022 - the positive impact has been shared amongst business leaders and helped secure their future security investment.