Fastly + Betterment: Autoscaling Production Application Security in Betterment’s CI/CD Pipeline
Technologies
- Application Infrastructure & Middleware - Event-Driven Application
- Cybersecurity & Privacy - Application Security
Applicable Industries
- Electrical Grids
- National Security & Defense
Use Cases
- Supply Chain Visibility (SCV)
- Tamper Detection
Services
- System Integration
The Challenge
Betterment is an online financial advisor managing more than $14 billion in assets for a customer base of over 380,000, and it needed a solution to protect customer PII and financial assets. The company launches a large number of web servers every day through its continuous integration and deployment (CI/CD) pipeline, so knowing whether, when and how its user accounts are being attacked is critical. Betterment's engineering and security teams were most concerned with signal-to-noise ratio. They needed a web application firewall (WAF) that could autoscale and accurately block attacks without increasing support call volume or adding more work for the team. The solution also needed to block attacks without constant signature tuning and without impacting performance.
About the Customer
Betterment is an online financial advisor managing more than $14 billion in assets. The company supports more than 380,000 customers who access its online platform. To meet the needs of this large user base, the company launches a large number of web servers every day through its continuous integration and deployment (CI/CD) pipeline. The company's engineering and security teams were concerned about signal-to-noise ratio and needed a solution that could autoscale and accurately block attacks without increasing support call volume or adding more work for the team.
The Solution
Betterment adopted Signal Sciences to reduce the security team's workload through automated deployment and updates, and to gain actionable insight quickly without impacting performance. To configure Signal Sciences, Betterment's operations team wrote a simple Ansible playbook. This ensures that every new application instance automatically has the Signal Sciences module and agent installed as part of the CI/CD pipeline. Signal Sciences provides strong out-of-the-box security coverage that blocks malicious requests without affecting application performance or availability, and without increasing Betterment's attack surface. The solution also provides easy-to-use dashboards for visibility, surfacing any detected vulnerabilities and reporting them to the appropriate teams for timely remediation. In addition, Betterment uses Power Rules to block attacks aimed at its unique application logic and to keep financial data secure.
Operational Impact