RSA – Italian branch of RSA Group

RSA uses an intelligent and adaptive security intrusion prevention solution to decrease attacks by 40 percent and stop internal and external data theft

Published on 09-Dec-2011

Validated on 04 Jun 2013

"Thanks to the proactive nature of our new IBM Intrusion Prevention system, we’re automatically protected from known and unknown security threats, reducing the TCO and supporting regulatory requirements." - Riccardo Roncon, Security Manager, RSA - Italian branch of RSA Group

Customer:
RSA – Italian branch of RSA Group

Industry:
Insurance

Deployment country:
Italy

Solution:
Smarter Planet, Systems & Network Management

Smarter Planet:
Smarter Insurance

IBM Business Partner:
HT S.R.L. Hacking Team

Overview

RSA is part of the RSA Group, which sells insurance in more than 130 countries. With headquarters in Genoa, Italy, the company has branch offices in Milan, Rome, Padua and Turin. It employs more than 350 people and supports a portfolio of more than 500,000 policies. The company sells personal and commercial insurance products including vehicle, household, travel and life insurance to corporate, liability, property and professional financial insurance.

Business need:
Cyber threats are growing exponentially. These threats are nearing statistical certainty no matter the type of business or size. For RSA, a possibility of a security breach was not an option as it handles a vast array of customers’ personally identifiable information (PII) such as ID security numbers, phone numbers, email addresses, birth dates, bank accounts and physical addresses. Data theft can lead to complete identity theft for thousands of its customers. With much of its business conducted online, the company faced increasing frequency of cyber attacks that were difficult to detect.

Solution:
RSA implemented a new enterprise-wide security architecture that protects its network and critical systems with preventive security content, improved data security, web application protection and network policy enforcement. With the new solution, the company was able to go beyond privacy regulations as it monitored all PII belonging to its customers across its systems and prevented attackers and malicious software from accessing. Based on the solution’s intelligence to recognize malicious software by its behavior, RSA prevented intrusions from all of a threat’s variants.

Benefits:
· Decreased attacks by 40 percent through early detection and blocking of classes of threats and all possible variants · Achieved 100 percent compliance with privacy law · Improved patching process by eliminating patchwork fire drills and gaining approximately five days within a month to create upgrade plans · Reduced false-positives and security alarms through precise identification of types and frequency of attacks and control of policy modifications

Case Study

RSA is part of the RSA Group, which sells insurance in more than 130 countries. With headquarters in Genoa, Italy, the company has branch offices in Milan, Rome, Padua and Turin. It employs more than 350 people and supports a portfolio of more than 500,000 policies. The company sells personal and commercial insurance products including vehicle, household, travel and life insurance to corporate, liability, property and professional financial insurance.

The Opportunity
Businesses face huge liabilities and tremendous costs in the event of a security breach. Cyber threats such as viruses, worms, bots, intrusion attempts and phishing scams are growing exponentially. These threats are nearing statistical certainty no matter the type of business or size. For RSA, a possibility of a security breach was not an option as it handles a vast array of customers’ personally identifiable information (PII) such as ID security numbers, phone numbers, email addresses, birth dates, bank accounts and physical addresses. Data theft can lead to complete identity theft for thousands of its customers. With much of its business conducted online, the company faced increasing frequency of cyber attacks that were more severe and difficult to detect. The company had point-based measures in place to protect confidential data but wanted a solution that would address prevention, detection and compliance in an integrated and proactive, rather than reactive, way.

What Makes it Smarter
In the business of selling protection from risks, the foundation of an insurance company’s relationship with its customers is trust. For RSA, gaining trust entailed exceeding security standards to protect customers’ PII from cyber theft. It implemented a new enterprise-wide security architecture that protects its network and critical systems with preventive security content, improved data security, web application protection and network policy enforcement. With the new solution, the company was able to go beyond privacy regulations as it monitored all PII belonging to its customers across its systems and prevented attackers and malicious software from accessing. Based on the solution’s intelligence to recognize malicious software by its behavior, RSA prevented intrusions not only from a specific threat but from all of a threat’s variants, broadening the spectrum of its security coverage. More importantly the solution learns and adapts daily from the latest analysis of intrusion attempts. As a result, it prepares for and detects new threats and prevents these attacks from reaching the targeted system, application or networks. For the first time, RSA is able to stay ahead of known and unknown threats.

Real Business Results
· Decreased attacks by 40 percent through early detection and blocking of classes of threats and all possible variants
· Achieved 100 percent compliance with privacy law
· Improved patching process by eliminating patchwork fire drills and gaining approximately five days within a month to create upgrade plans
· Reduced false-positives and security alarms through precise identification of types and frequency of attacks and control of policy modifications

For more information
Please contact your IBM sales representative or IBM Business Partner. Visit us at: ibm.com/financialmarkets

To learn more about RSA - Italian branch of RSA Group visit: www.rsagroup.it

Products and services used

IBM products and services that were used in this case study.

Hardware:
System x: System x running Windows, System x: System x3755 M3

Software:
Proventia Network Intrusion Detection System

Legal Information

© Copyright IBM Corporation 2011 IBM Corporation 1 New Orchard Road Armonk, NY 10504 U.S.A. Produced in the United States December 2011 All Rights Reserved IBM, the IBM logo, ibm.com, Virtual Patch and X-FORCE are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. The information contained in this documentation is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this documentation, it is provided “as is” without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this documentation or any other documentation. Nothing contained in this documentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM (or its suppliers or licensors), or altering the terms and conditions of the applicable license agreement governing the use of IBM software.