For more than 60 years, JG Summit Holdings, Inc. has played a key role in serving its domestic markets across the Philippines. Originally founded as an agribusiness, the organization has grown to become a highly diversified conglomerate, with verticals covering everything from real estate and hotels to banking and energy.
Operating in a wide range of B2C sectors, JG Summit sees digital transformation as a key strategic goal. By embracing data-driven internal processes and client-facing systems, the group aims to shape high-quality customer experiences that nurture loyalty and facilitate business growth.
Gonz Gonzales, Chief Information Security Officer at JG Summit Holdings, Inc., takes up the story: “At the same time as we embarked on our digital transformation, we also decided to shape a new information security strategy. This included the formation of a central security operations center [SOC], which is responsible for setting out best practices for companies across the group.”
When the COVID-19 pandemic struck, Gonzales and his team realized that JG Summit’s digital channels would be more important than ever to maintain efficient operations and continue to engage with customers.
“The pandemic led us to dramatically accelerate our transformation, as stay-at-home orders required us to enable new capabilities such as digital collaboration tools for employees and self-service portals for customers,” Gonzales continues. “While embracing online tools helped smooth the transition to remote working, it also created new challenges—particularly around cybersecurity.”
In the past, JG Summit relied on vulnerability management tools designed for a traditional corporate IT network. However, with employees and applications increasingly operating outside of the perimeter, the group targeted a new approach to protect all its endpoints.
Gonzales adds: “The COVID-19 crisis triggered a significant uptick in cyber incidents around the world, as attackers attempted to exploit the situation to gain access to corporate systems. To protect our businesses and customers, we looked for a way to secure our applications, transactions, and data beyond the corporate firewall.”
Why they chose Qualys VMDR:
To realize its security goals, JG Summit selected Qualys VMDR® with integrated apps for asset identification and management, vulnerability management, threat detection, prioritization and response. Delivered via the cloud, Qualys solutions enable the company to rapidly detect and remediate vulnerabilities across its more than 2,500 mission-critical endpoints.
“We were looking for a provider with an excellent track record for vulnerability management success, a robust product roadmap, and responsive customer support—and Qualys ticked all those boxes," recalls Gonzales. “During the vendor evaluation process, we consulted with industry analysts, and it quickly became clear that Qualys was the market-leading provider.”
JG Summit configured Qualys VMDR to scan its most critical server assets, 75 percent of which are hosted by a managed service provider, while the remainder are deployed on-premises at JG Summit corporate offices in the Philippines.
“With Qualys VMDR, we gain full visibility of our critical assets and an instant understanding of their exposure to external threats,” continues Gonzales. “We now automatically scan our servers with additional follow-up scans as required to verify that remediation work has been carried out successfully by the system owner or managed service provider.”
By generating accurate, fine-grained reports in VMDR and universal dashboards, JG Summit’s SOC can rapidly gather and disseminate security insights to management and senior leadership teams across the group—helping to ensure timely action on vital remediation work.
“Because we operate in highly regulated sectors such as finance and aviation, governance and compliance are always top of mind,” explains Gonzales. “Leveraging the same data we’ve collected for VMDR, we can monitor the status of each of our assets and show the owners exactly what they need to do to stay in compliance.”
By deploying Qualys VMDR, JG Summit has gained deeper and more accurate insights into vulnerabilities across its critical systems—empowering the SOC to better protect JG Summit employees and customers using its digital services.
“Without a doubt, Qualys VMDR is the backbone of our vulnerability management program,” says Gonzales. “Whenever there’s a question about whether an asset is at risk, we trust Qualys dashboards to give us the answer instantly. Over the last eight months, we’ve seen an unprecedented number of zero-day exploits, but Qualys solutions give us peace of mind that our mission-critical systems are protected. Equally importantly, the rich data we’re now gathering is contributing to faster and better-informed decisions on our defensive posture across the organization.”
VMDR is now supporting companies across the JG Summit group, including the company’s financial services arm: Robinsons Bank.
“With so many customers in lockdown because of the pandemic, Robinsons Bank aimed to enhance its high quality of service by boosting the number of products and services available online,” explains Gonzales. “Previously, testing and releasing a web app into production was a time-consuming process that could take up to two weeks of work. Thanks to Qualys, we extended VMDR to test apps in as little as 24 hours, and launch them with full confidence that they are secure. Helping Robinsons Bank to react with agility to the new demands of the pandemic.”
While JG Summit’s journey with VMDR is just beginning, the company is already measuring the positive impact of Qualys solutions on its security posture. The SOC has driven down resolution times for vulnerabilities significantly, and the group is now investigating the possibility of using Qualys CyberSecurity Asset Management (CSAM) to secure its estate of employee notebook and desktop devices, totaling more than 25,000 endpoints.
“Maintaining positive control over our IT environment is a cornerstone of our information security strategy that starts with having a full view of all the hardware, software, and data in the group,” comments Gonzales. “We are extremely interested in CSAM, as it will enable us to see beyond our internal network and get a complete picture of all the assets to detect any security gaps like unauthorized or end-of-life software and respond with appropriate actions to mitigate the risk.”
“Qualys offers us a team that’s extremely easy to work with and a solution that’s top notch—helping us to stay ahead of cyber threats and protect the entire group”
Chief Information Security Officer, JG Summit Holdings, Inc.
JG Summit’s relationship with Qualys continues to deepen. Gonzales concludes: “Over the years we have worked with Qualys, they’ve become a true partner to JG Summit. Qualys is genuinely interested in our long-term plans, and always takes the time to explore how they can help us realize our goals. Qualys offers us a team that’s extremely easy to work with and a solution that’s top notch—helping us to stay ahead of cyber threats and protect the entire group.”