Challenge: Increasing Regulatory Demands & Privilege- Related Threats
Located in São Paulo, Brazil, CABESP was established in 1968 with the mission to provide a full-range of healthcare services to Banespa’s employees and their family members. Today, CABESP’s 300 employees help support roughly 91,000 customers, through a broad network of 15,000+ providers, including healthcare professionals, hospitals, practices, and labs.
CHANGING LANDSCAPE BRINGS NEW CHALLENGES
According to Anderson Elias Mendes, CISO at CABESP, as larger companies have improved their security posture, hackers are setting their sights on smaller companies. In his 13 years in IT security, Mendes has noticed a shift from the reactive security investments that often followed a breach-type event, to the more proactive approach that is now underway at CABESP. “Today, organizations in Brazil increasingly focus on a more holistic risk management approach that spans from information security awareness and training programs, to better classification of data, risk assessments, developing security controls, and operationalizing incident response planning,” asserts Mendes.
Facing increased regulatory demands, combined with the need to minimize potential internal privilege misuse and prevent external attacks from leveraging privileged credentials, CABESP sought to take control of privileged accounts across their high-value IT assets.
With no privilege access management (PAM) solution in place, and the scope for privileged attacks continuing to expand, Mendes’ team meticulously vetted PAM vendors, conscious of finding a long-term fit that could grow with their environment and evolving needs.
“From the outset, we sought a single privilege management solution that could trace privileged credentials and provide clear insight into how the account was used”, explains Mendes. “We wanted to be able to store, rotate, and enforce check-in and check-out of all privileged passwords – namely for operating systems, databases, applications, and network assets,” continues Mendes. “Another important consideration for us was the user-friendliness of a solution across implementation, maintenance, and day-to-day to management. The solution also had to deliver a good cost/benefit ratio that we could easily validate.”
Once BeyondTrust’s PowerBroker Privileged Access Management platform entered the picture, it quickly emerged as the leading solution. The PowerBroker PAM platform consists of powerful, integrated solutions for enterprise password management, server privilege management, and endpoint least privilege. Organizations can start with one PowerBroker solution, and easily activate others as their needs evolve.
Ultimately, for CABESP, BeyondTrust PowerBroker was differentiated from the competi-tors across several key areas, including:
1. Providing a complete, all-in-one PAM solution (privilege management, session manage-ment, password safe, approval workflow, auditing, reporting, and more). “No other vendor could deliver such an integrated solution,” says Mendes.
2. Easy to implement and manage – and with a strong anticipated return on investment (ROI).
3. Minimal upfront investment in infrastructure: BeyondTrust PowerBroker simply fit within CABESP’s existing infrastructure. Unlike other PAM solutions, complex re-architecting of their environment, and the associated costs, was not required for CABESP to benefit from the full functionality of PowerBroker.
4. Tight integration with other solutions, such as patch management and BeyondTrust’s Retina CS Enterprise Vulnerability Management solution, which along with PowerBroker, can be managed through a single, unified IT risk management platform.
Read the full case study by downloading the PDF. Also available in Portuguese.