X

Duo Security, a part of Cisco, is a leading provider of unified access security and multi-factor authentication delivered through the cloud. Despite being a successful security company, Duo was interested in innovative security solutions that could provide an additional layer of protection to their code. They were particularly intrigued by a technology that could automatically double-check their code and common code libraries quickly and seamlessly. While they had never had a major problem, this “sanity check” sounded like a great idea. However, they insisted on a solution that was well-designed, technically advanced, lightweight, efficient, and did not consume a lot of resources or slow them down. Before Data Theorem, Duo used key materials, checked how things were communicating over the network, and ensured users followed best security practices. They confirmed their code through automated tests, manual checks, etc. but were intrigued by the idea of a third-party 'sanity check', providing an extra layer of protection to ensure nothing is ever missed.

Eko Health, a developer of FDA-approved, AI-powered heart sound and EKG sensors for heart disease monitoring, was in need of a robust, 'always-on' solution to prevent application security data breaches. The company was seeking a vendor to work with on mobile security, as they recognized that current mobile defenses were not keeping pace with new threats. Eko Health was not only looking to get ahead of threats, but also find a solution that is easy to integrate, provides quick results, and is constantly innovating. The team had spent time building their own solutions and exploring open source options, but these efforts were not yielding the desired results. The slow results, cumbersome tasks, and loss of productivity led them to seek a more efficient discovery and autoremediation solution. In 2020, the challenge and demands of managing moving targets in healthcare, as well as reducing re-work for developers led them to Data Theorem.

Cvent, a leading meetings, events, and hospitality management technology provider, was facing challenges with the security of their applications. The applications were created using open-source tools, and the security process was largely manual. This made it difficult for the development team to accelerate their code development and release cycles while ensuring the security of each release in pre-production. Additionally, Cvent was struggling with conducting third-party checks on partners. While compliance checklists and audits were in place, they only captured a snapshot of a partner's commitment to security at a given time. This left Cvent and their partners vulnerable to security incidents from connected devices or phishing emails. Prior to Data Theorem, Cvent relied on penetration testing audits to expose vulnerabilities. However, the high costs and limited coverage of this methodology made it an inadequate solution. Cvent wanted application security to be a critical part of their daily development process.

Thrive TRM, a leading provider of modern recruiting software for executive search firms, faced a significant challenge in securing their application’s full stack. The security team at Thrive TRM was constantly discovering new attack surfaces within both client and cloud endpoints. They needed a solution that could not only secure these surfaces but also track and discover any new APIs. The team was also in search of a Security Orchestration Automation and Response (SOAR) platform that could meet these needs. During application penetration testing, Thrive realized the importance of assessing the risk associated with their application’s attack surface. They found that while some tools could identify application attack surfaces, they often failed to identify data that circumvented network firewalls and WAFs, and daily changes that kept up with the CI/CD lifecycle. This left their application vulnerable to attackers.

Provident Credit Union, a financial institution serving over 125,000 members in the San Francisco Bay Area, was facing a significant challenge in managing the security of their mobile and web banking applications. These applications were managed by third-party vendors, and while these vendors provided annual audit material and were available for internal and external audits, Provident felt the need to enhance the security measures. Being located in Silicon Valley, Provident's user base comprised some of the most technically-advanced consumers who demanded top-notch security. Provident needed a method to validate the security of their third-party vendor applications and add an additional layer of security with continuous scanning of their mobile and web banking applications. They also wanted to integrate security reviews as part of their application deployment process. Prior to implementing Data Theorem’s solution, Provident relied on the same third-party vendor for security application, maintenance, and ongoing improvement to protect their members' data and personal financial information.

Bluescape, a global leader in Virtual Work Platforms, faced a significant challenge in maintaining the security of their frequently updated mobile applications. The company needed an application security solution that could keep pace with each release. The ideal solution would not only identify traditional security defects but also mobile-specific security issues that developers may not be aware of. The need for a modern application security platform that could keep up with Bluescape’s product breadth, AWS-backend scalability, and overall speed was a significant challenge. Prior to engaging with Data Theorem, Bluescape relied on their internal security team for mobile application security testing. However, this approach was not sustainable or efficient given the pace of development and the specific security needs of their mobile applications.