Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

OÖ.LKUF Austria

From fast, but weekly reporting scanners to an automated, cost-saving enterprise solution: The Ober-Österreichische. Lehrer-Kranken- und Unfallfürsorge (OÖ.LKUF) institution has deployed a concept for fewer vulnerabilities and better information security using the new vulnerability management platform “SecurityCenter”.

The OÖ. LKUF healthcare institution is the second largest in Austria and cares for approximately 33,000 participants. Founded 90 years ago, OÖ. LKUF covers the needs of the public school teachers in Upper Austria and is a leading healthcare institution, especially in the area of funding services. Today, OÖ.LKUF is one of the most popular health care providers in Austria.

As a statutory corporation, OÖ.LKUF is required to fulfill all duties of its board of directors, board of administration and management committee as governed by applicable laws. The organization is certified to international standards (ISO 9001:2008, NPO Label for Management Excellence) and has established stringent policies to safeguard sensitive personal data and information assets (see inset on page 2: “Privacy Policies at OÖ.LKUF”) of its clients.

“IT is our backbone.”

OÖ.LKUF has a security program that ensures compliance by implementing certain security measures and maintaining a security awareness program for its employees. One crucial factor of the security program is a comprehensive, reliable, and always current analysis of vulnerabilities.

“SecurityCenter is a good product that met my requirements exactly. The excellent support and technical guidance provided by Tenable really convinced me. The collaboration with DigitalDefense greatly facilitated design and integration.”

“As for all modern enterprises, for us, too, IT is our backbone, which influences our business prosperity”, says Dominique Höglinger, Team Leader Information Technology and CISO at OÖ.LKUF, “The fact that we have the legitimate mandate to insure teachers and that we operate with their personal health data bears additional challenges in respect to data storage and protection.”

“SecurityCenter provides outstanding workflow management combined with the quality of the Nessus scanner, making the purchasing decision an easy one.”

Tenable’s Nessus vulnerability scanner, implemented some years ago, could no longer satisfactorily cope with these challenges as the IT environment became more and more complex. Nessus is still unparalleled in its detection speed and reliability, a fact that is regularly confirmed by comparisons with competing products, as used by OÖ.LKUF for two years for additional, external security checks. However, the challenge to centrally analyze weaknesses with integrated reporting on a daily basis could not be accomplished by the product. “The reporting,” Höglinger recalls, “was performed by hand on my desk, with a lot of effort, neither comprehensive nor regularly – not what we think our security posture should be.” In particular, compiling executive reports from the data was difficult, Höglinger notes. To be able to present a comprehensible report to the executive board, he had to invest hours of work copying, printing and rearranging screen shots and performing a statistical rework. All steps to create a report that was presentable to management had to be done manually.

“Once complicated, now quick and easy.”

When Tenable contacted OÖ.LKUF last year and demonstrated its SecurityCenter solution on premises, Höglinger was quickly convinced of the benefits it would bring to their program. “Decisive factor for our decision was the ongoing excellent scanning results of Nessus,” says Höglinger. “The scan is extremely fast, covers all vulnerabilities, even the newest, and shows appropriate mitigation options. During external tests, we experienced highly critical cases, which were, although very seldom at our organization, always detected by Nessus, but not by competing solutions.”

“It is important to me that scans complete quickly and with a high detection rate. It is also important that the results clearly describe what the vulnerability is, how it can be exploited and the remediation steps. SecurityCenter provides this on an on-going basis through a single comprehensive interface.” Mr. Höglinger

SecurityCenter combines the functionality of Nessus scanning with an enterprise-class vulnerability management platform. A great advantage of the comprehensive solution is the electronic work flow, says Höglinger. “In the case, [where] a vulnerability is detected, this allows the automatic opening of tickets and their distribution to the operative IT department. Each step can be replicated and is transparent, and most notably, the vulnerability analysis is no longer dependent on a single computer, but runs without interruption on a dedicated server.”

The permanent operation of SecurityCenter on a VMware vSphere server not only streamlines the actuality and reliability of the vulnerability analysis but also allows timed running of scans without the need of manual interference. “What was complicated and unsatisfactory in the past runs quickly and easily today”, Höglinger summarizes. “This is the reason why in the past reports were distributed irregularly, but now are on a monthly basis, without interrupting daily operations. And if management requires a report, I can select the components that make it comprehensible and meaningful, with only a few clicks.”

Scalable Future-Proof Cost Cutting Solution

Another key benefit for OÖ.LKUF is the solution’s scalability. The company currently maintains approximately 100 workstations, mostly Windows 7 clients accompanied by some Macs. SecurityCenter is able to support much bigger infrastructures and will therefore scale with the company’s growth. This ability is enabled by the “Log Correlation Engine”, an add-on for central log analysis and event monitoring. Höglinger says: “We definitely want to incorporate this solution in the future to be able to easily view and manage error logs from different remote servers centrally.”

OÖ.LKUF expects this new approach to save even more time and money, compared to the current environment which already allows many processes to be automated. The initial investment was pretty high compared to former solutions, states Höglinger, but the license validity and automated reporting, operation, and updating will result in significant resource savings.

“The solution really pays off,” Höglinger says, content with his decision. “It virtually runs on its own and is extremely reliable. Personnel expenditures have decreased and quality has improved significantly. The product has my highest recommendation.”

Privacy Policies at OÖ.LKUF

  • OÖ.LKUF uses Personally Identifiable Information (PII) only to perform its duties.
  • OÖ.LKUF ensures compliance with the rights and obligations of the privacy act (Datenschutzgesetz, DSG).
  • OÖ.LKUF’s employees are regularly trained in privacy and information security.
  • OÖ.LKUF’s technical systems and information security measures are designed to ensure the privacy, availability and integrity of information to the extent of a reasonable economical effort.
  • The effectiveness of the measures taken by OÖ.LKUF in respect to privacy and information security are continuously monitored and, if required, amended.

Download Case Study

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.