The Sompo Group Adopts Contrast Security’s Platform to Empower Digital Transformation with Security Enhancements and Sophisticated Development of Custom Code and Open-Source Software

ByContrast Security Jun 25, 2021 3:16:52 PM

LOS ALTOS, Calif., June 25, 2021 – Sompo Holdings Inc., Sompo Japan Insurance Inc., and UB Secure Co. Ltd., today announced that Sompo Holdings and Sompo Japan have adopted Contrast Security's Contrast Assess and Contrast OSS to provide application security for the renewal project of their core system, which is the cornerstone of their digital transformation strategy. The adoption of Contrast’s platform enables Sompo Holdings and Sompo Japan to make security enhancements faster while accelerating development cycles that utilize both custom and open-source code.

In addition to Contrast Assess and Contrast OSS, Sompo Japan is also introducing Contrast Protect, which blocks attacks on applications in production environments, for new applications used to estimate payments for accident insurance.


1. Background and purpose of introduction
Sompo Japan is building a foundation to further promote their digital transformation. This will allow them to quickly provide higher value services with its "Mirai-Kakushin Project (Future Innovation Project)," which is to renovate complex and bloated core systems built in 1980s. This will allow them to expand core business areas with high added value and create new businesses by fully adopting open technologies like Java, and embracing modern software development. Sompo Japan quickly found that with the use of open-source software in addition to custom code increased the amount of vulnerabilities detected. It became necessary for them to look for an automated application security approach that would pinpoint true vulnerabilities and eliminate those that pose no risk (false positives) while remediating quickly to speed up development release cycles.

2. Overview of the solutions implemented
Sompo Holdings and Sompo Japan introduced both Contrast Assess and Contrast OSS. Contrast Assess enables real-time detection of application vulnerability and compliance risks in agile software development environments by incorporating intelligent agents into web application runtime environments to provide an immediate response to security and licensing issues and continuous verification and monitoring. Contrast OSS identifies vulnerabilities in open-source software components and indicates how they are specifically used in applications, enabling developers to take prompt remediation action.

The Contrast Application Security Platform transforms application security from being a business inhibitor to an enabler via an automated approach. This is particularly important in an economic climate where revenue growth and operational efficiencies can mean the difference between financial viability and failure.

The Contrast Application Security Platform includes:

  • Contrast Assess provides continuous vulnerability assessment that integrates seamlessly with existing software development life cycle (SDLC) processes.
  • Contrast OSS delivers automated software composition analysis (SCA) by detecting security and compliance vulnerabilities in third-party libraries and frameworks.
  • Contrast Protect observes code behavior in running applications and intelligently blocks threats with runtime protection and observability.
  • Contrast Scan revolutionizes static application security testing (SAST) with pipeline-native static analysis to analyze code and detect vulnerabilities early on in the SDLC with scan and remediation times dramatically faster than other SAST approaches.

Sompo Holdings, IT Planning Department Project Manager/Deputy Chief: Toshiyuki Tsuchiya
“In the development of the waterfall model, a security test is conducted in a later phase, such as conducting a security test at the testing stage. However, when it comes to security measures, the later the phase, the more staff hours and costs that are required. I wanted to know if a vulnerability could be detected earlier in the development process. By utilizing Contrast Security, we hope to ensure security while maintaining the release cycle deadlines.”

Sompo Japan, Security Evangelist: Toshinori Konaka
“While the renewal of our core system has allowed more freedom to use open technologies, it has become even more necessary to take measures against threats to open-source software and source code. In addition, the conventional development process has not matched the speed of countermeasures against the threats around the globe, so we were looking for a solution that could respond quickly without missing any vulnerabilities. Contrast Security's platform lineup of powerful tools combines detection capabilities and manageability, and I believe they can contribute to a significant reduction of risks in our system.”

Sompo Japan, Unit Leader: Tatsuya Nishiyama
“The challenge was how to manage and operate vulnerabilities easily without missing any in response to the progress of developing the core infrastructure and business applications in the core system renewal project. By using Contrast Security's products, we were able to see the positive results on the problem and proceed with its introduction.”

UB Secure, President: Kotaro Kando
“We are pleased to see that Sompo Group has adopted Contrast Security's products for their security solution supporting the digital transformation project. UB Secure is helping to provide safe and secure digital services by fitting solutions and services that make "security easier" for our customers. We will continue to actively make DevSecOps happen for Sompo Group.”

Contrast Security, Chief Strategy Officer: Surag Patel
“Digital transformation efforts are priority strategic initiatives for insurance groups around the world. Sompo Group specifically has an inspiring brand slogan to be “A Theme Park for Security, Health & Wellbeing,” which they aim to accomplish through creating high quality solutions that integrate powerful digital technology,” said Surag Patel, Chief Strategy Officer at Contrast Security. “We are thrilled to empower them on this digital transformation journey by providing them a modern software security platform built for the enterprise. Our platform is designed to enable enterprises like Sompo Japan to deliver their most bold software projects securely without delays from traditional security tools. Contrast Security transforms application security by using an automated approach to embed security observability into the entire software life cycle.”

3. About the future
Sompo Japan aims to further promote digital transformation, improve both productivity and security quality in the service development, and provide customers with higher value-added services quickly. As part of that broader strategy, Contrast Security will enhance the security and efficiency of development for Sompo Japan’s customers' digital transformation in the Japanese market.

About Sompo Japan Insurance Co., Ltd.:
Sompo Japan provides various P&C insurance products and services, and also provides services in response to car accidents by utilizing digital technology and support services to support safe driving by using drive recorders. To get prepared for the fast changes in recent years, Sompo Japan expands to new areas such as auto driving and car sharing.

About UB Secure Inc.:
UB Secure, Inc. provides the No.1 Web application testing tool “Vex,” various technology products to support DevSecOps, and security testing services. In addition, UB Secure has been recognized as a primary agency by Contrast Security, a first-class company in the U.S. market, for extensive experiences and insights in DevSecOps. UB Secure strongly supports DevSecOps solutions from Contrast Security based on the knowledge of security testing obtained from Vex, a solution that detects web application vulnerabilities and provides feedback based on diagnosis results of thousands of sites.

About Contrast Security:
Contrast Security is the leader in modernizing application security, embedding code analysis and attack prevention directly into software. Contrast's patented deep security instrumentation completely disrupts traditional application security approaches with integrated, comprehensive security observability that delivers highly accurate assessment and continuous protection of an entire application portfolio. This eliminates the need for disruptive scanning, expensive infrastructure workloads, and specialized security experts. The Contrast Application Security Platform accelerates development cycles, improves efficiencies and cost, and enables rapid scale while protecting applications from known and unknown threats.

Contrast Security
Jacklyn Kellick

Contrast Security

Contrast Security


Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook