Banco Davivienda has been at the service of Colombians since 1972, meeting the needs of individuals and businesses in the rural, mining, and energy sectors through a comprehensive portfolio of innovative products and services. It is part of the Bolívar Group, a financial institution with over 80 years of history in Colombia. Today, Banco Davivienda has more than 670 branches and nearly 3,000 ATMs, making it the third-largest financial institution in the country. It continues to expand and thrive across Central America.
New challenges, new cybersecurity solutions
COVID-19 caused many organizations to accelerate their digital transformation processes. And while much progress has been made since then, a plethora of new cybersecurity challenges have also emerged.
“The pandemic showed us that criminals can change course very quickly. They developed new attack vectors much more quickly than we could adapt our defenses,” says Fabian Zambrano, Director of Cybersecurity at Banco Davivienda, adding that the challenge became even more pressing when employees started working remotely and presented wider targets.
Banco Davivienda’s cyber defense strategy was based on a centralized Security Operations Center (SOC), which responded to known cyberattacks and threats by bringing together a team of experts. However, this approach was not sufficient to meet the new demands on digital security.
It took the team an average of 27 hours to resolve each incident, and the system was unprepared to identify and detect new threats—especially those that used techniques not previously encountered.
IRIS: The cornerstone of a new cybersecurity model
In a digital world where both expectations and threats are evolving quickly, Banco Davivienda saw it was time for a new strategy. It needed to develop an ability to anticipate and manage threats that matched its wider commitment to digital technology and service.
Having previously deployed other ServiceNow applications, Banco Davivienda understood ServiceNow’s potential to be an ideal partner to help implement and improve its processes. It had a clear goal: to strengthen its cybersecurity posture by focusing on key aspects, such as preventing attacks, quickly identifying threats, understanding how cybercriminals operate, and proactively assessing its defenses.
Banco Davivienda worked with ServiceNow on IRIS—a project that marked a significant shift to a more agile and adaptive cybersecurity model in which change is an ongoing process, not an endpoint. The goal was to develop a proactive system to deal with known threats, anticipate and adapt to new vulnerabilities, and protect the bank and its customers.
“In our ever-evolving digital world, the dynamic between cyber defense and attack is like a game of ‘prey and hunter’,” says Fabian. “You have to run faster just to stay in the same place, and traditional cybersecurity models simply aren’t enough.”
IRIS represents a significant move towards a cybersecurity model that adapts and evolves continuously, using artificial intelligence to adjust its defenses in real time. With this approach, Banco Davivienda can now anticipate and respond to emerging threats more effectively, ensuring advanced protection for the financial and personal information of both its customers and employees.
Now a key part of Banco Davivienda’s strategy to stay ahead of the curve, IRIS ensures security in a constantly changing digital ecosystem and a never-ending race against cybercriminals.
The platform that provides peace of mind
The IRIS project was launched thanks to ServiceNow IT Service Management (ITSM) and ServiceNow IT Operations Management (ITOM). Both gave Banco Davivienda the ability to automate processes and better visualize its workflows, while the availability of multiple solutions within a unified operating platform provided further capabilities to its team.
Banco Davivienda now has a transformed cybersecurity platform delivered by an advanced system that operates automatically and independently. It is a significant leap forward in how the bank monitors and protects its network against cyberthreats. Real-time responses to any signs of danger are enabled by the automation, collection, and analysis of security data from multiple sources—from social networks to mobile devices and external applications.
“This revolutionary approach improves our ability to identify both known and potential emerging threats,” says Fabian. “It also allows us to take immediate action to minimize potential damage and better protect customers’ valuable information.”
By adopting this autonomous operation model, Banco Davivienda ensures a more robust and dynamic cybersecurity defense, keeping its infrastructure and data secure in the face of any challenge.
In its evolution towards more advanced cybersecurity practices, Banco Davivienda also discovered options that allowed it to move beyond the conventional Security Operations Center (SOC) model. Its new ‘SOCless’ approach is a more agile, automated, and—most significantly—decentralized security environment.
The system is supported by threat detection and response (TDR) technology that runs in real time in combination with a new Cybersecurity Mesh Architecture. With ‘SOCless’, the team has adopted a more integrated and flexible cybersecurity management model to implement the bank’s new ‘change-as-a-constant’ approach.
With IRIS, Banco Davivienda has moved from correlation alerts to designing self-executing workflows. Incidents that used to take 27 hours to process can now be handled in just one second; this improvement has significantly increased its ability to handle alerts, from 300 per month previously to more than 15,000 a month today. This leap in capacity would have been impossible to achieve using the bank’s old methods.
“We now have complete dashboards that are updated constantly,” says Fabian, “thanks to the automated learning processes and workflows we’ve built with agile methodology, so we’re able to act on what’s needed and share it with the cybersecurity community.”
These improvements have enhanced the bank’s effectiveness and reduced the costs associated with deploying security solutions, managing incidents, and recovering data. More significantly, they have increased the confidence, financial security, and quality of life for Banco Davivienda customers.