Case Study

NASDAQ traded company uses Oligo to Implement a ‘maximum value minimum effort’ Security

Case study - NASDAQ company uses Oligo to Implement a ‘maximum value minimum effort’ Security

Highlights

87%

Reduced the total number of vulnerabilities by 87% within the first few months of Oligo deployment.

300 hours

Saved an estimated 300 hours in manual triage time monthly by cutting down false positive alerts by 60%.

Revealed true risk urgency and severity,

bolstering effective risk management.

Eliminated complex correlations,

simplifying interactions with multiple security product findings.

Boosted DevOps team confidence

and efficiency with Oligo’s accurate and intuitive data presentation.

Case study - NASDAQ company uses Oligo to Implement a ‘maximum value minimum effort’ Security

Challenge

  • Security alerts overload - The dev team was frustrated from being flooded with many security tickets that are irrelevant. It affected the trust the team had in the existing tools and led to a waste of time and resources.
  • Prioritization rationale - The alerts prioritization didn’t match the severity that the team associated with it and therefore the team had to manually correlate findings from different tools.
  • False positive alerts - It was difficult to differentiate between genuine risks and false positives due to insufficient information about the risks and results produced by security tools.
  • Security visibility gap - There was no ability to understand the potential attack surface and pain points in one platform.
Case study - NASDAQ company uses Oligo to Implement a ‘maximum value minimum effort’ Security

Solution

  • Focus on the most urgent risks through runtime insights - Gaining insights into the behavior and context of cloud applications and their libraries enhances understanding of key security issues. This results in focused and trusted risk prioritization, eliminating the noise and chaos created by security scanners, and enables the user to truly understand each and every risk.
  • Achieving comprehensive application security visibility in one platform - the mixture of code-execution intelligence and cloud contextual insights creates a platform from which the company can gain awareness of the potential attack surface and manage all their application security efforts.

Headquarters
United States

Employees
2,100

Founded
2005

Industry
Software, Cyber Security

The company provides a security software platform that allows organizations to track, visualize, analyze, and protect unstructured data.

Case study - NASDAQ company uses Oligo to Implement a ‘maximum value minimum effort’ Security

Amir W.
DevOps team lead

Amir W., the DevOps Team Lead in charge of information security, is dissatisfied with the complexity caused by using multiple security products, which scatter data across various locations.

It requires managing multiple products installed on multiple environments, and in order to obtain valuable information, it is necessary to perform complex correlations between the findings of each product with one another.

Due to this challenge, he began seeking a runtime security solution that could offer extensive coverage and precise outcomes. Runtime security solutions can access applications in real-time, providing detailed insights into the ongoing processes as the application operates in a cloud environment.

Through the use of runtime security, it is possible to achieve a thorough understanding of the application's code actions, such as which libraries are loaded or actually running, as well as its cloud context, including which applications are accessible to the internet.

Runtime application security and observability - Oligo security - open source security- Quote

“I don’t like using many security products, so I looked for a comprehensive product that will encompass all the capabilities I need. Runtime security embodies the principle of 'maximum value - minimum effort,' offering broad security coverage and delivering the most accurate findings.”

Case study - NASDAQ company uses Oligo to Implement a ‘maximum value minimum effort’ Security

Amir W.
DevOps team lead

When you understand what you see, it is much easier to fix it

The team faced a deluge of tickets from security scanners lacking accurate prioritization, making it difficult to discern urgent issues. Turning to Oligo, they sought a solution that would provide real-time understanding of their systems and precise risk prioritization. Amir W., DevOps Team Lead, highlighted the limitations of traditional security scanners, stating, "All tickets created by traditional security scanners are 'acute' and 'critical', but not all of these critical risks come to expression." Oligo's intuitive and trusted data offered focused and valuable information, setting it apart from other security products. This endorsement reflects Oligo's ability to deliver actionable insights for effective security management.

Solving security issues starts with understanding the organization’s potential attack surface. The team saw that Oligo helped them to achieve an accurate picture of the attack surface in real-time. As a result, Oligo is helping the team gain a clear understanding of their environment, enabling them to focus on the most urgent issues first and eliminate the noise created by security scanners operating through the code or the build phase.

Case study - NASDAQ company uses Oligo to Implement a ‘maximum value minimum effort’ Security
Runtime application security and observability - Oligo security - open source security- Quote

“Oligo gave us the ability to understand exactly where our pain points are. This is very valuable, as that's the first step to solving security issues.Understanding the cloud context and the library state, gaining awareness of runtime insights - these all are creating an intuitive picture of the security posture, and make it easy to address the most urgent risks first.”

Before using Oligo, achieving an accurate picture of the potential attack surface was mostly done through the hard work of security analysts and engineers, correlating findings from a few products, and conducting manual research. Oligo immediately provided the information that the team looked for, all in one platform.

Runtime insights that reveal the real risk’s urgency and severity

The team was overwhelmed with a flood of data, causing frustration as they struggled to make sense of it all. Security scanners generated numerous security tickets, some of which were irrelevant or even unfixable. This situation undermined the team's confidence in their existing tools and resulted in a waste of resources.

Oligo helped the team to focus and grasp a better understanding of the risks within their environment and achieve risk prioritization that is accurate and considers the attack potential of each risk. Security scanners which operate from the code or the build phase aren’t accessible to runtime insights. They cannot provide real-time information about the risk, so the long list of CVEs they produce isn’t prioritized accurately, and include many vulnerabilities that are not actually exploitable.

Runtime application security and observability - Oligo security - open source security- Quote

“Traditional security scanners generate an overwhelming amount of data, making it hard for teams to understand and respond effectively.

In today’s security landscape, you have to be focused on contextual runtime insights instead of being focused on the built Image and what it holds. That is exactly what Oligo is doing, and that is a great match for our needs.”

Case study - NASDAQ company uses Oligo to Implement a ‘maximum value minimum effort’ Security
Runtime application security and observability - Oligo security - open source security- Quote

“We searched for a product that will provide the true severity for each risk. Traditional security scanners result in a list of CVEs alongside their CVSS score. We looked for insights that will reveal the real risk’s urgency and severity by its attack potential. That’s exactly what Oligo is providing, and showing it very intuitively.”

The team felt that using only the CVSS score to prioritize alerts didn't provide sufficient data to assess risks. CVSS scoring isn’t the most impactful parameter when performing a risk assessment, and can even be confusing when the vulnerable code is not accessible. Oligo provided the company focus by collecting runtime insights which discover the influence of the security posture and potential attack surface on each risk. This results in an accurate and reasoned risk prioritization which makes sense to security teams and saves them time and effort.

Oligo’s security approach is suited for today’s security landscape

Amir emphasizes the importance of the insights and data that Oligo provides and the professional work of the team. Considering runtime intelligence in making a risk assessment and prioritization is the right way to ensure security in today’s complex security posture.

As the team progresses in optimizing their security approach, Amir W. sees Oligo as a key ingredient in assuring the company's continued triumph. "Oligo equips us with the assurance in the security posture of our applications," he states. "It empowers our DevOps teams to work efficiently, improving our productivity and allowing us to provide the best possible services to our users. We no longer need to stress about the status of our cloud environments or the possibility of an unseen security risk lurking in the shadows.

Runtime application security and observability - Oligo security - open source security- Quote

“I have great trust in Oligo’s people. The deployment and integration have been done perfectly and seamlessly. The security approach of your product is suited for today’s security landscape.”

Zero in on what's exploitable

Oligo helps organizations focus on true exploitability, streamlining security processes without hindering developer productivity.