Quálitas Compañía de Seguros, S.A. de C.V., is a Mexico-based insurance company founded in 1993 specializing in auto insurance. Quálitas is the Latin word for Quality, which is not only the company’s commercial name but the driving force within the organization, through which the company has risen to become the leading auto insurance carrier in Mexico and Central America.


With rapid growth comes a larger online presence and more attackers trying to affect business

Insurance companies, like other organizations, are vulnerable to web application attacks due to the high volume of sensitive data that passes between stakeholders.

With international growth on the horizon, Quálitas needed to meet PCI compliance requirements to best serve its expanding customer base. A WAF solution that could do that, while also working to secure critical applications for the operation of its business, became top priority.


Imperva Cloud WAF: Easy to use, fast to deploy, and affordable

Quálitas initially started with a small Imperva deployment during a Proof of Value (POV) as part of their relationship with OCM-IT®, a Mexico-based company with presence in the USA and Central America, serving financial, corporate, industrial, educational, and government sectors. This POV gave Quálitas the maturity and experience to identify the business needs of its clients, in addition to customizing cybersecurity tools to streamline processes and the use of technology in favor of meeting business objectives.

During this initial test, an internal audit was being conducted on the application infrastructure. With the audit results showing attacks increasing and vulnerabilities not being mitigated with the current in place WAF solution, Quálitas quickly expanded the Imperva Cloud WAF services to 60 sites between Mexico, El Salvador, Peru, and Costa Rica.

The Imperva platform yielded a large amount of information related to the activity and access to Web applications, analyzed by Quálitas to confirm or discard valid and known requests. The success criteria were availability of public applications and the analysis of the threats that they receive.

Cloud WAF works to stop attacks with near-zero false positives, leveraging a global SOC to strive to ensure that organizations are protected from the latest attacks minutes after they are discovered. Cloud WAF is part of a multi-layered Application Security solution that combines Advanced Bot Protection, Advanced API Protection, and Advanced DDoS Protection, all from within a centralized management console.


Quálitas has not only benefited from enhanced application protection and visibility, but also greater operational efficiency through Imperva’s vast array of application delivery capabilities.

Since partnering with Imperva, the visibility of malicious traffic or non-valid requests on applications has made it possible to make blocking decisions by geographical area and allow the company’s services to stay reliable and maintain an adequate level of availability.

“One of the main values that we see is to maintain a level of visibility over public services and contain attacks that may impact them, in addition to all the information that can be consulted according to the behavior of each application.” Alejandro Garcia, Director, OCM-IT.

“The visibility that the control panel gives us based on the ID’s that the http headers throw, allows us to make better decisions and be efficient when analyzing security flaws and operation errors, by which the root cause is located more quickly.” Eduardo Calleja Arce, Information Security Manager, Quálitas Compañia de Seguros.