Case Study: MSCI achieves rapid vulnerability response and 45-day patch compliance with Qualys

MSCI Stays a Step Ahead in the IT Security Arms Race

MSCI, a global provider of investment decision‑support tools serving thousands of financial‑services clients, faced the challenge of securing a rapidly growing, complex IT estate so customers and regulators could trust its systems. With more than 8,000 virtual servers, multiple device types and a strict 45‑day patch window, the company needed full asset visibility, continuous vulnerability scanning and clear audit-ready reporting to manage operational risk and protect its reputation.

MSCI deployed the Qualys Cloud Platform (Qualys Enterprise) to automate discovery, tagging, scanning and vulnerability analytics across its infrastructure. The solution delivered actionable scorecards and executive summaries, enabled rapid response to new CVEs (notably proving zero exposure to Heartbleed within 24 hours), streamlined customer audits and strengthened patching processes — improving security posture while preserving customer confidence and regulatory compliance.

MSCI

Balazs Szeplaki

VP, Global Information Security Engineering & Operations