Download PDF

Fastly > Case Studies > Autoscaling Production Application Security in Betterment’s CI/CD Pipeline

Autoscaling Production Application Security in Betterment’s CI/CD Pipeline

Technology Category

Application Infrastructure & Middleware - Event-Driven Application
Cybersecurity & Privacy - Application Security

Applicable Industries

National Security & Defense
Oil & Gas

Use Cases

Supply Chain Visibility
Tamper Detection

Services

System Integration

The Challenge

Betterment, an online financial advisor with over $14 billion in assets under management and a user base of over 380,000 customers, needed a solution to protect customer PII and financial assets. The company required a solution that could automatically scale and block attacks without impacting performance or requiring ongoing signature tuning. The company's Engineering and Security teams were particularly concerned about the signal-to-noise ratio based on their previous experience with legacy WAFs. It was crucial for them to find a WAF that could scale automatically and accurately block attacks without increasing support call volume or creating additional work for the Engineering or Security teams.

About The Customer

Betterment is an online financial advisor with more than $14 billion in assets under management. The company supports a user base of over 380,000 customers who access its online platform. To cater to this large user base, the company spins up numerous web servers daily through its continuous integration and deployment (CI/CD) pipeline. The company's Engineering and Security teams were previously concerned about the signal-to-noise ratio in their legacy WAFs and needed a solution that could scale automatically and accurately block attacks without increasing support call volume or creating additional work.

The Solution

Betterment adopted Signal Sciences to reduce the workload of its Security team by automating deployment and updates, and providing quick access to informed insights without compromising performance. To provision Signal Sciences, Betterment’s Operations team wrote a simple Ansible playbook. This ensured that any new application instance would automatically have Signal Sciences modules and agents installed as a part of its CI/CD pipeline. Signal Sciences provided robust security coverage that could block malicious requests without impacting the performance and availability of the application. The solution also offered easy-to-use dashboards that provided visibility, surfacing any detected vulnerabilities and reporting them to the respective team for timely remediation. Betterment also used Power Rules to prevent attacks against their unique application logic and keep financial data safe.

Operational Impact

The implementation of Signal Sciences has resulted in a significant reduction in the workload of Betterment's Security team. The automation of deployment and updates has streamlined processes, while the quick access to informed insights has improved decision-making without compromising performance. The robust security coverage provided by Signal Sciences has enhanced the company's ability to block malicious requests, thereby improving the security of customer data. The easy-to-use dashboards have improved visibility into vulnerabilities, enabling the respective teams to remediate them in a timely manner. The use of Power Rules has further enhanced security by preventing attacks against the company's unique application logic.

Quantitative Benefit

Reduced workload for the Security team by automating deployment and updates
Quick access to informed insights without compromising performance
Robust security coverage that can block malicious requests without impacting application performance and availability