Download PDF
Empowering Developers to Deliver Secure Software: A Case Study on a Major North American Insurance Subsidiary
Technology Category
- Application Infrastructure & Middleware - Event-Driven Application
- Cybersecurity & Privacy - Application Security
Applicable Industries
- Equipment & Machinery
- National Security & Defense
Applicable Functions
- Product Research & Development
- Quality Assurance
Use Cases
- Cybersecurity
- Tamper Detection
Services
- Cloud Planning, Design & Implementation Services
- Cybersecurity Services
The Challenge
The North American insurance subsidiary, a part of a global group that ranks among the world’s top providers of both commercial and property/casualty insurance, faced several challenges in its application security. The company wanted to increase awareness among developers about application security risk and safe-coding practices, enable discovery and remediation of vulnerabilities with minimal delays to the development process, reduce the backlog of unaddressed high-risk vulnerabilities, and roll out a global solution to all internal business units and groups. The company's existing application security processes were unsustainable. Vulnerability scanning with the legacy static application security testing (SAST) tool often took hours at a time, and many of the alerts in each report turned out to be false positives, wasting precious time and potentially delaying release cycles.
About The Customer
The North American insurance subsidiary highlighted in this case study has been in business in the United States and Canada for more than 100 years. It is a part of a global group that ranks among the world’s top providers of both commercial and property/casualty insurance. The North American operation has more than 10,000 employees, and its customers represent a wide-ranging diversity of industries. The information security leader for North America has focused on maturing the application security program as a top priority, given that applications are among the favorite targets for cyber criminals.
The Solution
The company shifted application security further left in development with Contrast Assess. The Contrast Customer Success team aided onboarding and provides ongoing support, while Contrast Professional Services helped with implementation and rollout of the solution. Contrast Assess uses instrumentation to embed continuous security scanning within each application, with real-time feedback for developers that gives them guidance on how to remediate problems as they occur. The company also leverages the Contrast platform’s built-in integration with Microsoft Teams to manage vulnerability notifications within the company’s primary collaboration tool. The deployment of Contrast Assess has also been a catalyst for cultural change at the organization, with developers now actively participating in the delivery of secure applications.
Operational Impact
Quantitative Benefit
Related Case Studies.
Case Study
Smart Water Filtration Systems
Before working with Ayla Networks, Ozner was already using cloud connectivity to identify and solve water-filtration system malfunctions as well as to monitor filter cartridges for replacements.But, in June 2015, Ozner executives talked with Ayla about how the company might further improve its water systems with IoT technology. They liked what they heard from Ayla, but the executives needed to be sure that Ayla’s Agile IoT Platform provided the security and reliability Ozner required.
Case Study
IoT enabled Fleet Management with MindSphere
In view of growing competition, Gämmerler had a strong need to remain competitive via process optimization, reliability and gentle handling of printed products, even at highest press speeds. In addition, a digitalization initiative also included developing a key differentiation via data-driven services offers.
Case Study
Predictive Maintenance for Industrial Chillers
For global leaders in the industrial chiller manufacturing, reliability of the entire production process is of the utmost importance. Chillers are refrigeration systems that produce ice water to provide cooling for a process or industrial application. One of those leaders sought a way to respond to asset performance issues, even before they occur. The intelligence to guarantee maximum reliability of cooling devices is embedded (pre-alarming). A pre-alarming phase means that the cooling device still works, but symptoms may appear, telling manufacturers that a failure is likely to occur in the near future. Chillers who are not internet connected at that moment, provide little insight in this pre-alarming phase.
Case Study
Premium Appliance Producer Innovates with Internet of Everything
Sub-Zero faced the largest product launch in the company’s history:It wanted to launch 60 new products as scheduled while simultaneously opening a new “greenfield” production facility, yet still adhering to stringent quality requirements and manage issues from new supply-chain partners. A the same time, it wanted to increase staff productivity time and collaboration while reducing travel and costs.
Case Study
Integration of PLC with IoT for Bosch Rexroth
The application arises from the need to monitor and anticipate the problems of one or more machines managed by a PLC. These problems, often resulting from the accumulation over time of small discrepancies, require, when they occur, ex post technical operations maintenance.
Case Study
Robot Saves Money and Time for US Custom Molding Company
Injection Technology (Itech) is a custom molder for a variety of clients that require precision plastic parts for such products as electric meter covers, dental appliance cases and spools. With 95 employees operating 23 molding machines in a 30,000 square foot plant, Itech wanted to reduce man hours and increase efficiency.
