BAC Credomatic Meets Compliance Standards, Safeguards Against Ransomware with ExtraHop
Holistic visibility provided one comprehensive view of security landscape
Optimized resources saved time and money
Integration amplified impact and bolstered security posture
The ExtraHop dashboard demonstrates that over the past five months we've had no breaches, which creates a high degree of trust. This is even more important than detecting vulnerabilities. It sends a message to the entire organization: we have a healthy environment, we are committed to a strong cybersecurity posture, and we and our clients can sleep well.
Vinicio Chaves Alvarado
Cybersecurity Manager, BAC Credomatic
PCI DSS requirements and swell of ransomware attacks demand new approach
As the leading provider of consumer financial services in Central America, BAC needed to comply with PCI DSS (Payment Card Industry Data Security Standard) to secure credit and debit card transactions against data theft and fraud. This required a shift from allowing each country to individually establish security practices, to forming a standardized cybersecurity strategy around ExtraHop network detection and response (NDR).
Central America experienced a surge in ransomware attacks in 2022 attributed to Conti and Hive. These attacks further highlighted the need for a strong security posture as more people realized any organization could be a target.
Inclusive visibility delivers single-pane view of cybersecurity and fosters trust
Cybersecurity manager Vinicio Chaves's team focused on building a cybersecurity governance framework. He shares, "We recognized that we had a visibility challenge. A single unharmonized server, one application or a solitary user could create a vulnerability." BAC needed a solution that utilized artificial intelligence and machine learning capabilities to protect the organization against increasingly destructive threats.
"We chose ExtraHop Reveal(x) because it efficiently accelerates the detection of threats with superior visibility across our entire ecosystem," Chaves explains. "ExtraHop allows us to see which servers may be compromised by cryptomining, something that we were unable to do before."
Additionally, the Conti and Hive ransomware attacks in Costa Rica amplified concern among company executives about the potential for a similar event at BAC. ExtraHop enabled Chaves to create a dashboard to show all IOC (indicator of compromise) data for each country, for near real-time threat identification across the company.
Chaves says, "The ExtraHop dashboard demonstrates that over the past five months, we've had no breaches, which creates a high degree of trust. This is even more important than detecting vulnerabilities. It sends a message to the entire organization: we have a healthy environment, we are committed to a strong cybersecurity posture, and we and our clients can sleep well."