CUSTOMER SUCCESS

Reducing Application Vulnerabilities and Overall Business Risk

HIGHLIGHTING BUSINESS VALUE THROUGH THE SECURITY OF MODERN SOFTWARE IN DEVELOPMENT AND PRODUCTION ENVIRONMENTS

Customer Success | U.S. Credit Union

Organization Snapshot

Industry : Regional U.S Credit Union/Financial Services Company

Location : United States

Challenge : Deliver and secure modern software applications to protect customers’ private financial data.

“We were pleasantly surprised with how clean the application solution is, considering we had not used a tool like this before. Our developers are eager to learn more about Contrast Assess given how user-friendly it is.”

Assistant Vice President, Application Development

OVERVIEW

This U.S. based regional credit union is one of the largest financial institutions dedicated to serving farmers and rural residents. As part of the nationwide credit system and with nearly 100,000 customers throughout the rural communities of the U.S., they work to promote growth and competitiveness in agricultural and rural communities across the country. Reversing the usual flow of capital, this credit union raises funds in the world’s capital markets and puts them to work, creating jobs and driving economic growth, thus ensuring the vibrancy of rural communities. This customer-first approach helps U.S. agricultural producers feed the world, strengthen the rural economy, and provide jobs that help rural families thrive.

This financial institution is committed to evolving processes in digital transformation to meet the needs of its customers today and well into the future. In the current business climate, that equates to protecting its customers’ sensitive financial data with secure software solutions. With that goal, the credit union partnered with Contrast to increase its security posture and build upon its application security testing. Contrast helps the company’s developers to proactively manage custom code to mitigate vulnerabilities and risk, while preventing cyberattacks that could lead to a data breach. The company utilizes both Contrast Assess and Contrast Protect, as it evolves toward more rapid and automated Agile DevOps processes, across the entire software development life cycle (SDLC).

“Existing tools were fine for commercial off the shelf software and to a limited degree HTML analysis, but as soon as we got into custom code or something unique to our organization, those tools were ineffective. We could do some things manually, but there really isn’t sufficient time and resources to stand up to that kind of effort, and even scale.”

 
Assistant Vice President, Application Development

CHALLENGES

FORMALIZING A PROACTIVE APPLICATION SECURITY STRATEGY

Prior to working with Contrast Security, the credit union’s application security efforts were ad hoc with periodic penetration testing and content analysis highlighting issues post-development. With the addition of a common platform solution with Contrast Assess and Contrast Protect, this credit union implemented a more strategic, integrated and pro-active approach to building and augmenting their application security posture. This financial services company can significantly reduce costs related to third-party penetration testing, static content analysis, and dynamic analysis security testing. In addition, given Contrast’s ability to protect applications both on-premises and in the cloud, the credit union now has the assurance to pursue the next phase of its strategy in moving applications to the cloud.

Today, the credit union’s developers are empowered to weave security into their code. When Contrast automatically identifies a vulnerability, recommendations to remediate are sent directly to developer teams, enabling them to address the problem early in the development stage of the SDLC. As a result of this automated approach to application security testing, there has been significant impact in reducing costs and resources to remediate. Hence, developers are empowered and motivated to use Contrast because it can be used to identify software flaws and recommend potential solutions in order to remediate in real-time as they develop code.

ASSESSING CUSTOM CODE WITH CONTRAST IN ORDER TO SHIFT-LEFT

The credit union’s developers produce a significant amount of custom code that they release relatively frequently. Identifying vulnerabilities with traditional scanning tools was a challenge, as the tools generated a high number of false positives. The company also wanted to deploy Contrast in Dev/QA in order to identify potential vulnerabilities early in the SDLC and create a baseline.

Unlike traditional manual static (SAST), dynamic (DAST) and penetration testing tools, Contrast Assess automatically analyzes custom and open source code from the credit union. Contrast Assess deploys agents via instrumentation that become part of the application portfolio to provide 24/7 monitoring. These agents are constantly assessing vulnerabilities in all stages of the SDLC.

CONTINUED PROTECTION WITH CONTRAST PROTECT

Prior to the installation of Contrast Protect, the credit union was potentially vulnerable to attacks. Contrast Protect provides detailed information on attacks, tackles issues associated with malicious activity, and stops unknown exploits using Runtime Application Self-Protection (RASP). With the deployment of Contrast, the credit union has seen a substantial reduction in the time it takes to achieve its business outcomes.

RESULTS

By leveraging Contrast’s platform, this regional credit union has transformed its resource-intensive, ad hoc security effort into an integrated and proactive application security strategy that more effectively protects sensitive customer data while reducing costs. Application security is integrated into code without the need for security experts. Contrast Assess arms developers with accurate, real-time feedback via integration with messaging tools such as Slack, and standard development bug tracking tools and processes. Contrast provides actionable recommendations for developers so they can quickly remediate on exactly where and how to fix vulnerabilities within the code.

Contrast Protect provides additional and continuous protection of production code through automated attack blocking. Contrast’s platform with Assess and Protect provides this financial services company a layered modern security model at the speed of rapid DevOps processes to meet customer needs and scale for the future.

USING CONTRAST ASSESS

  • Delivers integrated application security without the need for security experts
  • Reduces false positives
  • Sends accurate application assessment to developers with details on code and solutions to remediate vulnerabilities
  • Provides visibility into all application environments
  • Reduces penetration testing costs

USING CONTRAST PROTECT

  • Builds defenses directly into the application
  • Delivers rapid responses
  • Provides accurate, continuous protection through manual and automated attack blocking
  • Allows the business to go fast and be secure without code reconfigurations

Reading on the go?

Download a PDF of this case study to save it for later.
Download PDF
cta-background-image.png

Discover how easy it is to spot and stop attacks.

See what the new era of self-protecting software looks like. Schedule your live demo.
GET DEMO