Company Size
Large Corporate
Region
- America
Country
- United States
Product
- AppSpider
Tech Stack
- RESTful APIs
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Customer Satisfaction
- Digital Expertise
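Technology
- Cybersecurity & Privacy - Application Security
- Application Infrastructure & Middleware - API Integration & Management
Applicable Industries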
- Software
- Professional Service
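Applicable Functions
- Business Operations
Use Cases
- Cybersecurity
Services
- System Integration
- Software Design & Engineering Services
About the Customer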
Microsoft is a global technology company headquartered in Redmond, Washington, known for its software products, including the Windows operating system, the Microsoft Office suite, and the Internet Explorer and Edge web browsers. The company also produces a wide range of other consumer and enterprise software for desktops, laptops, tablets, and servers, including Internet search (with Bing), the digital services market (through MSN), mixed reality (HoloLens), cloud computing (Azure), and software development (Visual Studio). Microsoft is one of the largest companies in the world by market capitalization and has a significant influence on the technology landscape. The company has a strong focus on innovation and security, constantly evolving its products and services to meet the needs of its diverse customer base.
Challenge
When Microsoft undertook an extensive evaluation of Web Application Vulnerability scanning solutions on the market, the company’s Cloud and Enterprise Security Services team knew it would be no small task. Microsoft wanted to build a world-class, scalable Web App Vulnerability scanning service that would serve all of their different service teams in building secure applications. With the technology landscape rapidly evolving, Microsoft foresaw that the homegrown solution it had previously relied upon for application security would soon struggle to keep pace with modern applications with rich, dynamic clients and numerous APIs on the back-end. So the team undertook an extensive, thorough evaluation that spanned several months and settled on AppSpider as one of its Web App Vulnerability Scanners, based in large part on the product’s roadmap towards being able to handle complex application ecosystems that have rich clients and RESTful APIs.
Solution
Embarking on the proof of concept, the team knew they’d be looking at a range of products that all had the same basic functionality – in other words, their decision would ultimately boil down to a few key differentiators. The question was, which one would stand out from the rest as the best fit for their environment? A slew of in-depth questions would go into making the decision, such as:
- Given a baseline model, how effective is the scanner in discovering vulnerabilities?
- Are scan results available in a centralized data store that can be easily queried for later analysis and reporting?
- Can built-in reports be easily modified?
- How easily can new vulnerability tests be created and added?
- Can new authentication models be added to the scanner?
- Does the product meet regulatory compliance requirements, such as FedRAMP?
- How easily can built-in documentation be modified?
- Can custom checks specific to Microsoft be supported?
Another important element was having the ability to develop custom attacks on their own, via API. “We wanted to develop an API with a common interface, with an engine in the background doing the legwork,” the PM manager added. “AppSpider had a good mix of what we needed, and the team particularly liked that the solution had extensibility and a strong API. That tipped the scale in their favor.”
Another key consideration involved the fact that AppSpider would be focused on scanning Microsoft applications, so much was at stake: “We use AppSpider but it’s our API that we put in front of customers; our reputation is on the line. The fact that AppSpider has a rich API makes our lives a heck of a lot easier.”
Operational Impact
Related Case Studies
Case Study
SET Creative Ditches Google Vault for Datto Backupify
When Kienholz first started at SET, the staff was using Microsoft Outlook for email with no form of data backup. It became apparent that something needed to change as the staff was often burdened with trying to recover emails from departed employees. Kienholz transitioned the team to Google’s Gmail and implemented Google Vault for backup purposes. While SET employees quickly adjusted to Gmail, which many use for personal email, the same could not be said for Google Vault. “Unlike most Google products, Vault was not user friendly at all. It’s very hard to search for items. We never really figured out how to do a restore either,” explained Kienholz. Due to SET’s work with high-profile brands, projects often go through many rounds of revisions right down to the eleventh hour. This means that every bit of information - especially data living in project managers’ emails - is crucial to delivering clients a polished design at deadline.
Case Study
Infosys achieves a 5–7 percent effort reduction across projects
Infosys, a global leader in consulting, technology, and outsourcing solutions, was facing significant challenges in application development and maintenance due to its distributed teams, changing business priorities and the need to stay in alignment with customer needs. The company used a mix of open source, home-grown and third-party applications to support application development projects. However, challenges resulting from distributed teams using manual processes increased as the company grew. It became more and more important for Infosys to execute its projects efficiently, so they could improve quality, reduce defects and minimize delays.
Case Study
Arctic Wolf Envelops Teamworks with 24x7 Cybersecurity Protection and Comprehensive Visibility
Teamworks, a leading athlete engagement platform, faced rising cyberthreats and needed enhanced visibility into its network, servers, and laptops. With software developers connecting from all over the world, the company sought to improve its security posture and position itself for future growth. The company had a secure platform but recognized the need for a more proactive solution to identify gaps within its technology infrastructure. Data exfiltration and malicious access were top concerns, prompting the need for a comprehensive security upgrade.
Case Study
Sawback IT and Datto Save Client From a Costly Mistake
Ballistic Echo, a software development house, faced a critical challenge when human error led to the deletion of thousands of lines of unique code. This incident occurred before the code was pushed to source control, resulting in significant loss of time, revenue, and work. The previous file-level backup solution they used was slow and inefficient, making it nearly impossible to manually recreate the lost work. The need for a more reliable and efficient business continuity solution became evident to avoid such disasters in the future.
Case Study
Opal Helps Customers Shine Thanks to Datto
SP Flooring & Design Center faced a ransomware attack that encrypted and locked their files. The attack was initiated through a compromised service account set up by an outside vendor. The ransomware infection was isolated quickly, but there was a concern about the extent of the data at risk. The company had backups in place but was unsure of how much information was compromised. The situation required immediate action to prevent further damage and restore the affected data.
Case Study
Zapier Aggregates Multiple Analytics in a Single Dashboard with the New Relic Platform
Zapier, a company that enables non-technical users to push data between hundreds of web applications, was facing a challenge in automating and provisioning servers for optimal performance. The company's environment consisted of 50 Linux servers on the Amazon Elastic Compute Cloud (EC2), a Django application split across several servers, and a backend consisting of a dynamic number of celery task workers fed by messages published to a RabbitMQ cluster. They also maintained a number of internal web services on nginx in front of Gunicorn and Node.js processes. Redis handled simple key and value stores, with logging handled by Graylog2 and ElasticSearch. However, they realized that no level of automation would be sufficient without an effective monitoring solution in place. They needed a tool that could provide immediate alerts when something was breaking and could be easily implemented into their environment.