Continuous runtime application security helps leading fintech company to reduce time spent detecting and remediating critical software vulnerabilities from days to minutes
Software Intelligence company Dynatrace announced that leading fintech company, Soldo, is using Dynatrace® Application Security to help ensure its development and production environments are secure. Soldo offers organizations a simple, automated way to delegate, control, and track expenses for employees and departments and helps finance teams manage budgets with real-time visibility over company-wide spending. Its platform is built on a complex cloud-native technology stack, running in AWS and leveraging a Kubernetes-based architecture. Soldo also uses open-source code and adheres to agile and secure delivery practices to drive continuous innovation and align with strict financial services industry regulations.
“Soldo exists to help business owners focus on growing their organization without wasting time managing expenses and corporate spending”
Given the speed at which its dynamic cloud environment changes, and the prevalence of open-source code in its applications, Soldo needed to reduce the risk of vulnerabilities in its production environment. Achieving this was previously a challenge, as the company’s software testing practices and tools were mainly focused on pre-production. Each time its development and security teams discovered new zero-day vulnerabilities, such as Log4Shell, in production, they had to search for them manually. With the Dynatrace® platform’s automatic runtime vulnerability analysis and protection, the teams can continuously and automatically identify and prioritize vulnerabilities across the entire software delivery lifecycle, including at runtime, to deliver more secure digital interactions.
“Soldo exists to help business owners focus on growing their organization without wasting time managing expenses and corporate spending,” said Luca Domenella, Head of Cloud Operations and DevOps at Soldo. “This requires us to earn our customers’ trust that we can offer the highest level of protection for the troves of sensitive data they entrust with us. Dynatrace gives us an uncompromising level of control over the security of our software by continuously monitoring for vulnerabilities in our production environments. That means we instantly know how a new vulnerability affects our digital services, so we can respond quickly to keep our customers’ data safe.”
Soldo was already using the Dynatrace® platform to optimize the performance of its digital services and deliver seamless user experiences. After evaluating multiple runtime security solutions, it identified that extending its use of Dynatrace by activating its Application Security Module provided the best fit for its requirements due to the efficiency of its unified platform approach. Dynatrace now provides Soldo with a real-time, automatically prioritized view of all potentially impacted applications and data in its cloud ecosystem. This enables its teams to easily see where vulnerabilities exist and tier their remediation efforts accordingly. Davis®, the AI engine at the core of the Dynatrace platform, initiates remediation workflows automatically, enabling Soldo’s teams to reduce the time it takes to identify new zero-day vulnerabilities from days to minutes, leaving more time for innovation.
“The precise answers we get from Dynatrace are invaluable and save our teams from wasting countless hours trawling through security alerts to understand our risk,” continued Domenella. “For example, when Log4Shell emerged last year, Dynatrace instantly showed us exactly where and how the vulnerability affected our platform. Those insights enabled our teams to remediate the vulnerability in just a few minutes rather than the days or weeks it would otherwise have taken. Ultimately, Dynatrace helps ensure nothing escapes our DevSecOps lifecycle, so we can focus on strategic work rather than finding, triaging, and remediating vulnerabilities.”