Case Studies
The following summarizes the publicly available Contrast customer case studies by:
- Who was the target audience and buyer
- What was the problem they were trying to solve
- Why was Contrast purchased and how did we solve their problem
Creating Marketplace Efficiencies for the Healthcare Industry
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
Application Security Team
Pain Points
- Digital transformation towards DevSecOps
- Hampered by legacy security tools
- Required a solution that could accelerate a secure migration to AWS
- AWS shared responsibility model
- Healthcare compliance (SOC 2 Type II, HITRUST, HIPAA)
Why Contrast?
- Reduced the inefficiencies and limitations of SAST and DAST
- Automated security into the AWS infrastructure
- Scalability, efficiency, and speed
Securing the Digital Commerce Ecosystem for Merchants, Consumers, and Banks
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
DevOps/DevSecOps
Pain Points
- SAST and DAST delayed software development velocity
- Needed to automate security analysis for continuous delivery of a microservices-based application
- Needed to analyze custom and open source code
- Required a solution that could accelerate a secure migration to AWS (EC2, ECS/Fargate)
Why Contrast
- Saving time: Freeing up around 10 hours a week for 2-3 people to focus on other security related work.
- Gaining visibility sooner: Vulnerabilities are found much earlier, eliminating unforeseen and last-minute roadblocks for quicker deployment.
- Getting results faster: Starting each project with secure coding in mind, developers can see their results almost immediately with the IDE plugin.
Automating Application Security to Protect Corporate Data Assets at the Speed of Business
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
AppSec
Pain Points
- SAST and DAST were insufficient to detect and fix vulnerabilities
- Needed to reduce false positives in order to increase development velocity
- Rapid business and technology acquisitions required a fast and scalable application security platform
- Need to shift developer mindset to consider security when writing code
Why Contrast
- Increased developer productivity through reduced test-fix-deploy cycle times
- Greatly reduced false positives
- Enabled developers to code more securely (i.e., shift security left)
- Provided a stronger layered security posture
Serving Up and Delivering Secure Digital Applications On Time
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
IT, Security
Pain Points
- Wanted to shift security left to reduce costs of fixing vulnerabilities later in the SDLC
- Needed to increase software development velocity while eliminating security risks
- PCI DSS compliance
Why Contrast
- Increased velocity of secure software delivery via continuous security monitoring, and not slow legacy scan-based approaches
- Enabled developers to find and fix vulnerabilities early in the development process
Highlighting Business Value Through the Security of Modern Software in Development & Production Environments
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
Development
Pain Points
- Legacy SAST, DAST, and pen testing tools could not keep pace with their frequent releases
- Inaccurate ad hoc scan results slowed down their software releases
- Wanted to be more proactive in identifying and fixing security vulnerabilities
- Needed something better as they evolved towards rapid automated Agile/DevOps practices
- Needed better protection capabilities
Why Contrast
- Enabled developers to quickly find and fix vulnerabilities
- Allowed them to integrate AppSec into their development process without the need of security experts
- Contrast Protect provided an extra layer of protection and afforded them time to fix vulnerabilities by protecting against exploits
Weaving Security into the Developer’s Mindset and Processes
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
AppSec
Pain Points
- Increasing development velocity by combining Agile with DevOps introduced greater business risk
- Code release delays were caused by traditional Static (SAST) and Dynamic (DAST) Application Scanning Tools
- Scalability concerns using scanning tools for every single release
- Manual testing delays in development
- Time-consuming developer training and education
Why Contrast
- Code created is highly secure before it is released into production environments
- Reduction in pen testing costs through optimized processes
- AppSec team is able to deliver software security on a broader scale, and for a much lower cost, than when using legacy SAST and DAST tools.
- Application Security fits seamlessly into Agile and DevOps processes
- Enabled and educated the development team by merging security with quality coding
- Increased code quality and overall performance of their developers
Focus on Fortune 500 Retail / E-commerce Company
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
AppSec
Pain Points
- Application security became a disruption to the agile release cycle schedule
- AppSec was on the critical path for every production deployment
- SAST & DAST products took up to 24 hours to produce reports; prone to human error
- Process added significant “rework cost” or forced postponement of security fixes
- Vulnerability scanning and remediation added a delay of weeks to every release
- The team’s involvement in every release meant it was unable to stay on schedule
- Development team knew it had vulnerabilities to address, but it did not know the root causes, sufficient details, or metrics.
Why Contrast
- Surprisingly easy deployment
- Easy integration of Contrast into the SDLC tools the company used
- Application Security team is no longer the bottleneck
- Applications now report their vulnerabilities as they are tested; there is no longer a separate application security scanning step
- Can drill down to application-level detail and inform engineering team what vulnerabilities to fix, where to fix them and how to fix them
- Quick and easy access to organization-level metrics
Financial Services Firm Loves Application Security
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
Security
Pain Points
- Secure code training didn’t keep pace with advances in development and hacking
- Code scanning tools and manual code reviews were difficult to work with, disrupted their development process, and produced mostly false-positives.
- App sec reviews would occur only once the application had been fully written. The development team was thus blindsided by issues in pre-production
- Little insight into the security risks of third-party libraries used in their apps
- Penetration tests also generated few relevant findings
- Existing tools and processes ultimately prevented a complete security analysis of their applications, delaying delivery of new business-critical software functionality.
Why Contrast
- Contrast’s approach to finding and presenting vulnerability data in a way that was understandable by both developers and the security team
- Works from within the application
- Development team improved app security and could provide predictable delivery without adding headcount or expertise to the team
- Real-time results allow developers to fix problems as they come up
- Access to source, importance, and resolution of vulnerabilities
- Helps the development team identify vulnerable libraries and whether apps are using vulnerable code within them
- Helped the development team nearly eliminate vulnerabilities introduced in the later stages of the SDLC
- Reduced vulnerability resolution time from weeks and months to hours
Envestnet | Yodlee
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
AppSec
Pain Points
- Legacy AppSec tools require manual efforts to scan and triage an enormous and unmanageable number of false positives
- Legacy tools cannot operate at the speed that DevSecOps requires
- Has undergone nearly 200 audits by financial institutions over a recent 24-month period
Why Contrast
- Significant reduction in the number of time-wasting false positives
- Increased developer productivity through reduced test-fix-redeploy cycle times
- Security woven into daily coding practices
- Reduced Penetration Testing costs
- Accelerated software time-to-market
- Allowed the AppSec Engineers to have a much better level of visibility and accuracy in pinpointing key software application vulnerabilities
- Highlighted key vulnerabilities and provided immediate and actionable recommendations to triage
- Contrast’s partnership with AWS allows it to provide the performance and compliance requirements our customers demand
Securing the Automated Pipeline - Beeline’s Perspective
This is a summary of the case study. You can see the full case study here.
Team Who Procured Contrast
InfoSec, Engineering, and Threat/Vuln Management
Pain Points
- Weekends wasted as production push fails and dev and infrastructure teams blame each other
- Security tools from the “good old days” far too slow and cranky, can’t match DevOps deployment speed
- Shifting left is still a gatekeeper process, which doesn’t scale
- Needed a tool that could run in both old school (on-prem), Cloud, Hybrid & DevOps worlds
- Needed to handle Windows and Linux, Containers and Servers, .NET/Java/Node.js
Why Contrast
- Contrast runs as a component of the app and is deployed as part of the underlying app server
- Built into the deployment process
- Can include security concerns in health check functions
- Helped establish a trusted registry for images
- Provides software component inventory
- App Security becomes just another part of QA
- AppSec work is well documented for auditing purposes
- Keeps developers, auditors and security team all happy