Contrast Security

Envestnet | Yodlee, a leading data aggregation and data analytics platform for digital financial services, faced the challenge of seamlessly and cost-effectively aiding developers in identifying and fixing application security vulnerabilities within their code early in the Software Development Life Cycle (SDLC). The company also aimed to reduce the burden that development and security practitioners encounter by reducing the number of false positives reported. As a fintech company, security is paramount for Envestnet | Yodlee, and they needed to ensure that every product on its platform met the most stringent security and compliance requirements. The company periodically conducted code reviews to ensure there were no vulnerabilities, but they wanted a better solution that could reduce the number of false positives, as triaging them wasted time and reduced efficiency. They also desired a security solution that could scale, augment and seamlessly integrate with the current toolset.

The North American insurance subsidiary, a part of a global group that ranks among the world’s top providers of both commercial and property/casualty insurance, faced several challenges in its application security. The company wanted to increase awareness among developers about application security risk and safe-coding practices, enable discovery and remediation of vulnerabilities with minimal delays to the development process, reduce the backlog of unaddressed high-risk vulnerabilities, and roll out a global solution to all internal business units and groups. The company's existing application security processes were unsustainable. Vulnerability scanning with the legacy static application security testing (SAST) tool often took hours at a time, and many of the alerts in each report turned out to be false positives, wasting precious time and potentially delaying release cycles.

Floor & Decor, a rapidly growing retailer with over 200 locations and $3 billion in annual revenue, faced the challenge of ensuring comprehensive security for its retail business and development environments. The company needed to protect its business operations, particularly customer data, from potential security threats. The challenge was to implement a solution that could provide robust security for its retail stores and point-of-sale (POS) systems, while also managing strong growth. The company needed to limit false positives and scan for threats and intrusions faster, more seamlessly, and in real-time. The company also sought to reduce the time spent on identifying and handling security vulnerabilities, which was consuming significant staff time and resources.

CM.com, a global leader in cloud software for conversational commerce, was struggling with its application security strategy. The company's primary application security strategy consisted of penetration testing and static application security testing (SAST). However, these tools consumed considerable time on the part of both the security team and the development teams. The reports generated from these tests had to be analyzed by the security team, and a ticket would be created for each vulnerability that needed to be fixed. This process often resulted in days of delay before developers received feedback on what to do. These security-related delays created friction in the development process and increased complications and delays tied to fixing vulnerabilities that were identified in the process. They also resulted in resentment on the part of developers. Furthermore, the scan and penetration reports revealed that there was a great deal of room for improvement in the quality of the outputs of the development process.

One of the world's top 10 banks was undergoing a digital transformation to streamline its domestic and international business. The bank, with over 1,000 branches worldwide, 5,000 ATMs, over 50,000 employees, and millions of customers, was facing challenges in integrating security into its software development process. The bank's Application Security (AppSec) team had been relying on static tools to ensure the security of the software they developed in-house. However, changes in technology and the evolving threat landscape necessitated a more robust, automated AppSec testing solution. The bank was also rapidly moving towards using microservices for its platforms, which were used across multiple business units. The bank's software had been developed and released at an increasingly rapid pace since the development team had combined Agile sprints with DevOps methodologies. This fast-paced rollout of software introduced potential vulnerabilities and greater business risk. The bank's current AppSec tools and processes were found to be inadequate in addressing these issues, causing code release delays, scalability concerns, manual testing delays in development, and time-consuming developer training and education.

Kaizen Gaming, a leading GameTech company, faced significant challenges in its application security. The company's large development operation, which includes 28 fully staffed Scrum teams, was struggling with late identification of vulnerabilities in the software development life cycle (SDLC). This late detection resulted in remediation work being pushed to the end of the development process, causing extra work and stress. The company's reliance on penetration testing did not provide real-time, holistic observability into Kaizen’s overall application portfolio, leading to blind spots and inefficiencies. The company needed an automated, efficient, and scalable solution that could catch vulnerabilities earlier in the process without slowing down their developers. Additionally, the financial team preferred a pricing model that charges by the application rather than by the developer due to the company's large development team and tight margins.

The digital healthcare company was facing a challenge of business and technology innovation being hampered by traditional legacy security and infrastructure tools. The company required a solution that could quickly and seamlessly accelerate the company’s digital future by migrating securely to a cloud infrastructure. The company was also facing the challenge of solving the healthcare access problem. With approximately 6 million patients visiting the company per month to schedule and book doctor appointments, they needed to adapt, innovate, and modernize the healthcare industry by providing a frictionless healthcare experience for healthcare practitioners and for the 21st century patient. The company initially focused on private healthcare practices and building a technology solution optimized for that specific use case. They experienced early success, building momentum, and critical mass. The company soon realized that there was a significant opportunity to turn its focus and expand to a larger piece of the healthcare system by addressing the changes in healthcare demands.

The financial services firm in question was facing significant challenges in achieving comprehensive application security test coverage for its entire software portfolio. The existing application security tools were proving to be inaccurate and ineffective, leading to developer disengagement, product delays, and negative business impacts. The IT Security team was primarily focused on network security, relying on perimeter security solutions to protect their applications and data. The application development team had minimal involvement in application security, and the training they received did not keep pace with advances in application development and hacking. The security team lacked the visibility needed to work efficiently and effectively, with their scanner tool reporting many false positives and lacking the necessary information for developers to find and fix errors. The existing tools and processes were preventing a complete security analysis of their applications, delaying the delivery of new business-critical software functionality.

The U.S. based regional credit union, serving nearly 100,000 customers in rural communities, was facing challenges in delivering and securing modern software applications to protect customers’ private financial data. Prior to working with Contrast Security, the credit union’s application security efforts were ad hoc with periodic penetration testing and content analysis highlighting issues post-development. The credit union’s developers produce a significant amount of custom code that they release relatively frequently. Identifying vulnerabilities with traditional scanning tools was a challenge, as the tools generated a high number of false positives. The company also wanted to deploy Contrast in Dev/QA in order to identify potential vulnerabilities early in the SDLC and create a baseline. Additionally, prior to the installation of Contrast Protect, the credit union was potentially vulnerable to attacks.