Qualys Helps Financial Institutions Comply with Reserve Bank of India (RBI) Cyber Security Guidelines

MUMBAI, India, April 26, 2017 /PRNewswire/ — Qualys Security Conference —  Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced it now supports the Reserve Bank of India (RBI) Cyber Security Guidelines to help financial institutions in India address and report on a range of technical and procedural requirements using a unified security and compliance solution. Qualys will demonstrate these capabilities for automating RBI Compliance today at its user conference in Mumbai.

Exposure to cyber attacks and data breaches have increased significantly against India’s banks as they rapidly evolve and digitally transform. The RBI Cyber Security Guidelines assist financial institutions in achieving a new-era preventative security baseline. Using the Qualys security and compliance platform, these financial institutions can easily address both the technical and procedural requirements for compliance and reporting without adding the cost or complexity of point solutions. The Qualys platform can be delivered to customers worldwide either from Qualys’ public cloud infrastructure, including from within India, or via a Qualys Private Cloud Platform (PCP).

“Significant automation capability with the right security tools is very important to gain a continuous view of banks’ compliance with RBI Cyber Security framework,” said Ashutosh Jain, chief information security officer at Axis Bank. This automation will not just minimize human error, but will also allow security teams in the banking, financial services and insurance industry to balance and better manage future changes to the framework with ease.”

“Today’s digital way of life puts immense pressure on financial institutions to provide both business flexibility and an unprecedented level of security for their customers’ financial information,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “The new guidelines require banks across India to put in place a robust cyber security and resilience program to help them assess their security posture on a continuous basis, which Qualys delivers uniquely through its highly scalable security and compliance platform that can be delivered on premise or via the cloud.”

Qualys RBI Compliance Solution
Qualys enables banking organizations to more easily meet existing and new regulations such as RBI guidelines without the hassle of deploying, managing and integrating point security products from multiple vendors. The Qualys Cloud Platform incorporates more than 10 applications, all of which are delivered via the cloud, on top of Qualys’ infrastructure and core services. It features several unified turnkey solutions in one platform that allows customers to efficiently comply with the RBI Cyber Security Guidelines:

  • Two-Second Visibility and Prioritization: Qualys AssetView (AV), Vulnerability Management (VM) and ThreatPROTECT (TP) work together to provide complete visibility of a customer’s assets, vulnerabilities, and related risk as required by the RBI Cyber Security Guidelines. Since the RBI Guidelines require continuous surveillance and baselining of risks in an organization, these modules can be supplemented with Qualys Continuous Monitoring (CM), which enables customers to immediately identify and proactively address potential problems.
  • Compliance: Customers can use Qualys Policy Compliance (PC) to automate security configuration assessments and quickly determine compliance with RBI technical security requirements, as it provides out-of-the-box reports that customers can run in minutes to document their preparedness against RBI Guidelines. Qualys Security Assessment Questionnaire (SAQ) allows customers with out-of-the-box campaign templates to derive the posture of procedural RBI guideline elements such as vendor risk management or user awareness, and verify that these procedural controls are enforced internally and by third-party vendors and partners.
  • Web Application Security: Banks can use Qualys Web Application Scanning (WAS) to implement the RBI guidelines for vulnerability assessment, penetration testing and red team exercises, application security life cycle, patch/vulnerability and change management. In addition, Qualys Web Application Firewall (WAF) can be an integral part of their multi-layered security infrastructure and help banks implement the RBI guidelines of web application security lifecycle.

Qualys Cloud Platform in India
Qualys set up its first Secure Operations Center (SOC) in Pune this year to provide enterprises access to cost-effective, localized cloud-based security and compliance solutions that support data sovereignty requirements of Indian organizations. Financial institutions have a critical need to comply with regulations, and this recently added SOC provides them with localized access to asset discovery, network security, threat protection, compliance monitoring and web application security.

Qualys Private Cloud Platform
Organizations can also deploy Qualys via the Qualys Private Cloud Platform, also available as a 1U appliance, which offers the same robust private cloud security and compliance services while keeping all sensitive security and compliance data generated by Qualys locally in the customer’s datacenter.

For all deployment models, Qualys offers open APIs, which allow organizations to seamlessly integrate into Cyber Security Operation Centers that are mandated by RBI. There is no new software to deploy or infrastructure to maintain.

Additional Resources: