Trov develops world-leading digital insurance solutions for its global customers in finance, insurance, mobility, and retail. The San Francisco-headquartered firm counts some of the world’s oldest and largest financial institutions among its client base, so security is paramount to preserve its reputation (as well as its customers’) and bottom line. Trov’s IT infrastructure is fully Amazon Web Services (AWS) based and compliance is a major consideration, given the highly regulated industries many clients operate in.
Financial services is one of the world’s most widely targeted industries. One report claims that it accounted for 62% of exposed data in 2019, even though it was linked to just 6.5% of data breaches. Hacking and malware were listed as the number one cause (75%) of such breaches. Vishnu Varma, Security Architect at Trov, is responsible for deploying, maintaining, and testing Rapid7 technology in his environment to combat these threats.
As industries like banking and insurance go digital to enhance the user experience and streamline inefficient business processes, it is increasingly their apps, rather than brick and mortar locations, that are the first point of contact for customers. This also makes them a major target for attackers looking for sensitive customer information. That puts the pressure on for companies like Trov.
“Our partners put their logo on our products and market them to their end customers. But we’re the people building the products from scratch, and we are responsible for securing them,” explains Varma. “We have to make sure that we secure each phase of our software development lifecycle (SDLC), from static code analysis up to monitoring production applications.”
The first challenge for Trov, before Varma joined the firm, was to find a new vulnerability management provider. Its existing Qualys solution was generating too many false positives on production machines, so the firm needed better visibility into this crucial part of the IT environment to manage vulnerability risk effectively.
Trov chose Rapid7 InsightVM to do exactly this. InsightVM is Rapid7’s leading vulnerability management solution designed to deliver real-time visibility with fewer false positives. The Insight Agent included in InsightVM also offers information on how bugs can impact business risk, allowing customers to prioritize remediation efforts effectively.
Trov migrated seamlessly: deployment of agents went without a hitch, and Varma now uses the tool to assess continuously for new vulnerabilities.
Trov also leverages tCell by Rapid7, a next-gen cloud WAF and RASP tool designed to provide enhanced visibility, automated monitoring and protection for customers’ application ecosystems. It offers application firewall and browser security capabilities, zero-day, API, and account takeover protection, injection prevention, and protection against all OWASP Top Ten threats.
Varma says he logs in every day to review any flags and suspicious IPs, and also receives alerts about serious application risks. tCell is primarily being used at present as an application monitoring tool to look for suspicious activity, notify the Trov team, and surface violations of Trov’s content security policies (CSPs).
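CSP violations reach a monitoring tool as browser-generated reports, and the daily review Varma describes comes down to sorting those reports into ones that matter and ones that do not. The following is an added example, not Trov’s code and not tCell’s logic: it triages the classic report-uri JSON body ({"csp-report": {...}}) that browsers POST to the report endpoint, against the policy assumed to be deployed. The policy, the hostnames and the sample reports are all constructed for illustration.

```python
"""Triage browser CSP violation reports against the policy actually deployed.

Added example (not Trov's code and not tCell's logic). The policy and the
reports below are constructed; the report shape is the classic report-uri
JSON body ({"csp-report": {...}}) that browsers POST to the report endpoint.
"""
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed: the policy the application is assumed to send today.
DEPLOYED_POLICY = ("default-src 'self'; script-src 'self' https://cdn.example.com; "
                   "img-src 'self' data:; report-uri /csp-report")

# Violations caused by browser extensions are not the application's problem.
EXTENSION_SCHEMES = {"chrome-extension", "moz-extension",
                     "safari-extension", "ms-browser-extension"}


def parse_policy(policy: str) -> dict:
    """Split a CSP header value into {directive: [source expressions]}."""
    directives = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def origin_of(uri: str) -> str:
    """scheme://host[:port] for a URL; the raw token for 'inline', 'eval', 'data'."""
    parts = urlsplit(uri)
    return f"{parts.scheme}://{parts.netloc}" if parts.netloc else uri


def triage(report_json: str, deployed_policy: str = DEPLOYED_POLICY) -> tuple:
    """Classify one report as (category, detail)."""
    r = json.loads(report_json)["csp-report"]
    directive = (r.get("effective-directive") or r.get("violated-directive")
                 or "unknown").split()[0]
    blocked = r.get("blocked-uri", "")
    deployed = parse_policy(deployed_policy)
    allowed = deployed.get(directive, deployed.get("default-src", []))

    # 1. Extension noise: the blocked scheme alone identifies it.
    scheme = urlsplit(blocked).scheme or blocked
    if scheme in EXTENSION_SCHEMES:
        return "noise", f"{directive}: blocked {scheme} resource (browser extension)"

    # 2. Inline code or eval: a missing nonce/hash, or an injected inline payload.
    if blocked in ("inline", "eval"):
        return "inline", f"{directive}: {blocked} ran without a nonce/hash"

    # 3. The browser enforced a policy different from the one deployed now
    #    (cached page, stale edge config): a policy deviation, not an attack.
    if parse_policy(r.get("original-policy", "")) != deployed:
        return "stale-policy", f"{directive}: report made under a different policy"

    # 4. The source is actually allowed (e.g. 'self' resolved via document-uri).
    blocked_origin = origin_of(blocked)
    same_origin = blocked_origin == origin_of(r.get("document-uri", ""))
    if blocked_origin in allowed or ("'self'" in allowed and same_origin):
        return "allowed-source", f"{directive}: {blocked_origin} is permitted; check for a redirect"

    # 5. Anything else is a load from an origin the policy never allowed.
    return "unexpected-origin", f"{directive}: {blocked_origin} is not in the policy"


def summarize(reports) -> dict:
    """Count categories so a daily review starts from the unexpected-origin bucket."""
    return dict(Counter(triage(rep)[0] for rep in reports))


# Constructed sample reports (not real traffic).
def _report(blocked, directive="script-src", policy=DEPLOYED_POLICY):
    return json.dumps({"csp-report": {
        "document-uri": "https://app.example.com/quote",
        "violated-directive": directive,
        "effective-directive": directive,
        "blocked-uri": blocked,
        "original-policy": policy,
        "status-code": 200,
    }})


OLD_POLICY = "default-src 'self'; script-src 'self'; report-uri /csp-report"
SAMPLE_REPORTS = [
    _report("https://evil.example.net/loader.js"),                        # unexpected-origin
    _report("chrome-extension://abcdefgh/content.js"),                     # noise
    _report("inline"),                                                     # inline
    _report("https://cdn.example.com/app.js", policy=OLD_POLICY),          # stale-policy
    _report("https://app.example.com/img/logo.png", directive="img-src"),  # allowed-source
]

if __name__ == "__main__":
    for rep in SAMPLE_REPORTS:
        print(*triage(rep))
    print(summarize(SAMPLE_REPORTS))
```

The ordering of the checks is the point: extension noise and stale-policy reports are the bulk of what a report endpoint receives, and filtering them before looking at origins is what keeps the "unexpected-origin" bucket small enough to read every day. Newer browsers can also send the Reporting API shape (a top-level array with a "body" object) instead of the classic "csp-report" wrapper; this example handles only the classic form.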
Both Rapid7 products have brought major security enhancements to Trov. InsightVM helps Varma to review which production machines carry the most vulnerabilities and which most need attention, so that regular reports can be compiled and sent to DevOps to patch and fix. The depth and breadth of visibility it offers has also been important, giving the security team more insight into risk at the container layer.
Supporting Trov’s compliance efforts has been another big win for InsightVM, especially against annual ISO 27001 and PCI DSS audits.
“Each business partner we have conducts an annual security assessment. They send us a questionnaire asking for our latest vulnerability reports and that kind of thing,” explains Varma. “So all we need to do is generate and download a report in InsightVM every other month, which we just attach as evidence.”
As for tCell, it has enhanced security and saved internal stakeholders time and effort, both by generating far fewer false positives than traditional WAF offerings, and by improving transparency and control.
“Developers hate when a security team blocks or delays the deployment due to a package vulnerability. So what they have done is, they removed the component analysis part in the pipeline and I'm just looking at the tCell stuff. And if I have anything flagged, I create a ticket,” explains Varma.
“tCell's given us a single centralized platform where multiple stakeholders can log in to view any suspicious activity, as well as make any policy updates to CSP, or look at any dependencies related to third-party packages and vulnerabilities. It’s been really transparent for us because previously when we had a WAF, nobody had control over who could change the rules and those kinds of things.”
The tCell dashboard has also helped save the security team time on investigations, versus the old way of doing things with AWS WAF logs pulled through Sumo Logic, he says.
“It's more interactive. I can add filters, detection points, a lot of different features which are helpful for us in understanding, and display it in a prettier way versus the raw event. And if we want to see the raw event as well, it can display this in the bottom section,” adds Varma.
Trov continues to evolve its use of Rapid7 tools, with plans to switch on the blocking capabilities of tCell and to push alerts through Slack and its SIEM for a more streamlined process. Whatever they try next, Varma knows that Rapid7 is here to help.
“My experience with Rapid7 has always been great. Each time we try to evaluate new products or have some new use cases, they’re really interactive and really helpful,” he says. “And any support request gets answered within the same day. It’s exactly what we need.”