Proactive Software Testing Meets Proactive Security Monitoring at Applause

Software bugs, like security vulnerabilities, can crop up in unexpected places, and the only way you can really be prepared for them is by testing and monitoring in real-world scenarios. Lab testing can only go so far when it comes to software performance (and security vulnerabilities, for that matter), and that’s exactly how Applause came about. We realized there was a big opportunity to create a new way to test software, websites, mobile apps and other digital properties using a global community of professional testers that could actually test on real devices in real locations under real-world conditions.

With security audits and white hat penetration testing as one of our testing services, it’s important to us that we practice what we preach on our own platform. To do this, we use Threat Stack to achieve a proactive and comprehensive security posture. Here are a couple of insights into the ways we leverage Threat Stack’s capabilities.

Big Customers = High Security Stakes

At Applause, we’re proud of our roster of customers: HBO, Google, Coca Cola, Audi, Michael Kors… you get the picture. Applause plays a critical role in helping them deliver great digital experiences via functional testing, usability studies, research and payment validation for their websites, mobile apps and IoT products, which is why it’s a no-brainer that our platform needs to be fully secure and protected. With such high-caliber customers, compliance is also a big factor in doing business, so we love Threat Stack’s compliance reporting feature, which helps us document and validate compliance controls and processes — many of which we also meet using Threat Stack.

The Applause infrastructure is powered by several cloud service providers, with our largest footprint in AWS. With more than 1,500 instances on AWS alone, we need complete visibility across our environment so we can proactively address issues and take action fast if something happens. This way, we can ensure that most of our time is focused on delivering a pristine experience for our customers, not on configuring and managing security tools and alerts. This is exactly where Threat Stack comes in.

At Applause, we never want to spend our time cleaning up a security issue we didn’t see coming. With Threat Stack automatically and continuously monitoring our critical infrastructure for new and unknown threats, we can be sure we’re at the forefront of security, able to identify risks before they ever impact a customer. For our customers, that means they don’t have to worry about data loss or data integrity issues; and can spend their time making the experience of their apps even better for their users. It’s a good thing for everyone involved.

Threat Stack Solves Tomorrow’s Security Problems For Us

I’m a big believer in using fewer and better tools to get the job done. Managing an already-busy team, there is no time to mess with dozens of security tools, especially ones that are stuck solving yesterday’s problems. Threat Stack is really the best of both worlds for us. The Threat Stack Cloud Security Platform™ tightly integrates many key features we need in one central dashboard:

  • Vulnerability management
  • Incident response
  • Threat intelligence
  • Compliance reporting

With these features all in one place, we’re able to implement security best practices in one fell swoop. And getting this functionality out the door and in the wild was a cinch (pretty much our motto at Applause) — we simply deployed the Threat Stack agent to our infrastructure, and we had instant visibility across our main line production systems on AWS. That’s a great thing for a team that is very agile and fast-moving. Knowing that Threat Stack’s vulnerability management capabilities can catch issues before they’re released into production is a huge win for us, and it’s why Threat Stack is key to our security posture.

Built-In Visibility Does the Job Faster

Having deep visibility into our AWS infrastructure allows us to proactively catch and respond to issues the moment they arise. With Threat Stack, we know exactly when anomalies occur, and have the details we need to respond accurately and quickly. Previously, this was a very tedious and time-intensive process, especially when it came to gathering threat intelligence. While we had tools in place that monitored for vulnerabilities, they only gave us vague alerts and details, leaving the heavy investigative work up to our already-busy team, whose talent, quite honestly, is better applied to more strategic security work.

Now, every time we deploy changes, we know Threat Stack is right there with us, ensuring nothing goes out the door that shouldn’t. And not only does Threat Stack automate security monitoring to catch issues faster, the system also learns what’s normal and not normal in our environment so we only get alerts that really indicate an issue. That in itself is a huge time saver.

It’s Not Just What, But How

Being responsible for not just what we deliver to customers but how we deliver it, I’ve seen first hand the value of tools that integrate several important functions in one shared interface. Not only does it make my team happier and my job much easier, but it also increases the accuracy of our work. If your current security solutions are only checking the boxes and not really preparing your team for the new and unknown, I recommend giving Threat Stack a try.