Case Study: Fifth Third Bancorp achieves continuous, accurate vulnerability management and reduced audit costs with Qualys

Automated Vulnerability Management Reaps Dividends

Fifth Third Bancorp, a Cincinnati-based bank managing about $220 billion in assets with 1,167 branches and a large IT estate (roughly 5,000 servers and 30,000 desktops), struggled with ineffective, manual vulnerability scanners that produced siloed, point-in-time data and many false positives. That inefficiency forced frequent costly third‑party assessments and left the bank unable to trend risk continuously or get accurate, timely vulnerability information to the right support teams.

Fifth Third moved to Qualys’ security-as-a-service for automated, on‑demand vulnerability management, deploying 20 appliances to audit more than 30,000 IPs and scan all ports with a centralized database and asset tagging. The result was far more accurate, less intrusive audits, fewer false positives, reduced reliance on outside assessments, streamlined reporting and compliance (including PCI and SOX), and ongoing improvements through API-driven report automation and planned SIEM integration—delivering continuous, cost‑effective risk management.

Fifth Third Bancorp

Brian L. Klenke

CISSP, Manager of Information Security Vulnerability Management Team