Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

OÖ.LKUF Austria

From fast, but weekly reporting scanners to an automated, cost-saving enterprise solution: The Ober-Österreichische. Lehrer-Kranken- und Unfallfürsorge (OÖ.LKUF) institution has deployed a concept for fewer vulnerabilities and better information security using the new vulnerability management platform “SecurityCenter”.

The OÖ. LKUF healthcare institution is the second largest in Austria and cares for approximately 33,000 participants. Founded 90 years ago, OÖ. LKUF covers the needs of the public school teachers in Upper Austria and is a leading healthcare institution, especially in the area of funding services. Today, OÖ.LKUF is one of the most popular health care providers in Austria.

As a statutory corporation, OÖ.LKUF is required to fulfill all duties of its board of directors, board of administration and management committee as governed by applicable laws. The organization is certified to international standards (ISO 9001:2008, NPO Label for Management Excellence) and has established stringent policies to safeguard sensitive personal data and information assets (see inset on page 2: “Privacy Policies at OÖ.LKUF”) of its clients.

“IT is our backbone.”

OÖ.LKUF has a security program that ensures compliance by implementing certain security measures and maintaining a security awareness program for its employees. One crucial factor of the security program is a comprehensive, reliable, and always current analysis of vulnerabilities.

“SecurityCenter is a good product that met my requirements exactly. The excellent support and technical guidance provided by Tenable really convinced me. The collaboration with DigitalDefense greatly facilitated design and integration.”

“As for all modern enterprises, for us, too, IT is our backbone, which influences our business prosperity”, says Dominique Höglinger, Team Leader Information Technology and CISO at OÖ.LKUF, “The fact that we have the legitimate mandate to insure teachers and that we operate with their personal health data bears additional challenges in respect to data storage and protection.”

“SecurityCenter provides outstanding workflow management combined with the quality of the Nessus scanner, making the purchasing decision an easy one.”

Tenable’s Nessus vulnerability scanner, implemented some years ago, could no longer satisfactorily cope with these challenges as the IT environment became more and more complex. Nessus is still unparalleled in its detection speed and reliability, a fact that is regularly confirmed by comparisons with competing products, as used by OÖ.LKUF for two years for additional, external security checks. However, the challenge to centrally analyze weaknesses with integrated reporting on a daily basis could not be accomplished by the product. “The reporting,” Höglinger recalls, “was performed by hand on my desk, with a lot of effort, neither comprehensive nor regularly – not what we think our security posture should be.” In particular, compiling executive reports from the data was difficult, Höglinger notes. To be able to present a comprehensible report to the executive board, he had to invest hours of work copying, printing and rearranging screen shots and performing a statistical rework. All steps to create a report that was presentable to management had to be done manually.

“Once complicated, now quick and easy.”

When Tenable contacted OÖ.LKUF last year and demonstrated its SecurityCenter solution on premises, Höglinger was quickly convinced of the benefits it would bring to their program. “Decisive factor for our decision was the ongoing excellent scanning results of Nessus,” says Höglinger. “The scan is extremely fast, covers all vulnerabilities, even the newest, and shows appropriate mitigation options. During external tests, we experienced highly critical cases, which were, although very seldom at our organization, always detected by Nessus, but not by competing solutions.”

“It is important to me that scans complete quickly and with a high detection rate. It is also important that the results clearly describe what the vulnerability is, how it can be exploited and the remediation steps. SecurityCenter provides this on an on-going basis through a single comprehensive interface.” Mr. Höglinger

SecurityCenter combines the functionality of Nessus scanning with an enterprise-class vulnerability management platform. A great advantage of the comprehensive solution is the electronic work flow, says Höglinger. “In the case, [where] a vulnerability is detected, this allows the automatic opening of tickets and their distribution to the operative IT department. Each step can be replicated and is transparent, and most notably, the vulnerability analysis is no longer dependent on a single computer, but runs without interruption on a dedicated server.”

The permanent operation of SecurityCenter on a VMware vSphere server not only streamlines the actuality and reliability of the vulnerability analysis but also allows timed running of scans without the need of manual interference. “What was complicated and unsatisfactory in the past runs quickly and easily today”, Höglinger summarizes. “This is the reason why in the past reports were distributed irregularly, but now are on a monthly basis, without interrupting daily operations. And if management requires a report, I can select the components that make it comprehensible and meaningful, with only a few clicks.”

Scalable Future-Proof Cost Cutting Solution

Another key benefit for OÖ.LKUF is the solution’s scalability. The company currently maintains approximately 100 workstations, mostly Windows 7 clients accompanied by some Macs. SecurityCenter is able to support much bigger infrastructures and will therefore scale with the company’s growth. This ability is enabled by the “Log Correlation Engine”, an add-on for central log analysis and event monitoring. Höglinger says: “We definitely want to incorporate this solution in the future to be able to easily view and manage error logs from different remote servers centrally.”

OÖ.LKUF expects this new approach to save even more time and money, compared to the current environment which already allows many processes to be automated. The initial investment was pretty high compared to former solutions, states Höglinger, but the license validity and automated reporting, operation, and updating will result in significant resource savings.

“The solution really pays off,” Höglinger says, content with his decision. “It virtually runs on its own and is extremely reliable. Personnel expenditures have decreased and quality has improved significantly. The product has my highest recommendation.”

Privacy Policies at OÖ.LKUF

  • OÖ.LKUF uses Personally Identifiable Information (PII) only to perform its duties.
  • OÖ.LKUF ensures compliance with the rights and obligations of the privacy act (Datenschutzgesetz, DSG).
  • OÖ.LKUF’s employees are regularly trained in privacy and information security.
  • OÖ.LKUF’s technical systems and information security measures are designed to ensure the privacy, availability and integrity of information to the extent of a reasonable economical effort.
  • The effectiveness of the measures taken by OÖ.LKUF in respect to privacy and information security are continuously monitored and, if required, amended.

Download Case Study

Download

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training