Signal Sciences

Legacy WAFs provided high operational costs and response times, especially during critical traffic spikes.As the company continued to expand its offerings and provide great digital experiences for its customers, DeNA knew it needed to scale its web security posture to match. But their legacy hardware WAF was causing the team multiple issues and made it difficult to operate efficiently.It was impossible for the DeNA team to reroute customer page requests if their WAF was not performing correctly.The legacy WAF performance, combined with the high price of scaling hardware investments, made it clear to DeNA that they needed a new solution that can perform under pressure.

Vimeo, a leading professional video platform with over 150 million users globally, was facing a challenge in terms of visibility into production traffic and new merger and acquisition activity. The company's rapid scaling and recent acquisitions necessitated a robust application security program to prevent prevalent attacks like XSS, SQLi, API abuse, and account takeover. Additionally, Vimeo required a solution that would seamlessly integrate with their newly built AWS infrastructure without the need for extensive tooling and upkeep. The company also wanted all requirements to be consolidated under a single vendor for ease of use across multiple teams.

Eventbrite had lost confidence in their security vulnerability scanner’s ability to identify malicious code or backdoors attackers could leverage and needed a comprehensive solution to protect their global sites and M&A properties.Additionally, Eventbrite was building its security strategy for securing acquired properties. They needed a vendor that could install it easily, provide security coverage quickly, and provide effective web layer security for any future merger or acquisition activity with a single solution.Eventbrite had never utilized a web application firewall (WAF) as part of their security stack: the team was hesitant about the performance, tuning, and maintenance issues that are common with legacy WAFs. But they reached a breaking point with vulnerability scanners and needed a vendor that would restore confidence in their security posture.

Namely, a cloud-first, all-in-one HR platform, was experiencing rapid growth, which necessitated the prioritization of its web defense. As the customer base of Namely expanded, so did its responsibility of managing web defenses, including detection, prevention, and response. In a fast-paced agile development environment, security leader Daniel Leslie was tasked with building security and IT from scratch. He was seeking innovative ways to manage website defenses, having had experience with legacy Web Application Firewalls (WAFs). His core criteria for a solution included technical alignment, ease-of-use, best-in-class security functionality, and total cost of ownership (TCO). The challenge was to find a solution that could provide 'finished data' rather than raw log data, enabling faster, more accurate, and actionable insights.

Datadog is a monitoring and security platform service for cloud applications. Thousands of customers rely on Datadog to see metrics and events from software across their DevOps stack, such as cloud and security monitoring, alerts, logs, and more. Founded in 2010, the company rapidly scaled to serve its global customers by embracing the value of modern engineering and architecture practices.As the organization continued to grow, Datadog’s security team knew that their homegrown application security tools would not scale at the rate required to support a rapidly growing customer base. Adopting a WAF was the next move, but Datadog required one that provided flexibility in modern cloud architectures, supported a rapid CI/CD pipeline’s code changes and deployments without extensive tuning, and didn’t unnecessarily consume resources across security, SRE, and development teams.

DoorDash, a last-mile logistics platform that connects customers with their favorite local and national businesses across the United States and Canada, was experiencing rapid growth and high traffic volumes. To manage this, their security team initially used a homebrew combination of Splunk and AWS WAF to block attacks while allowing legitimate traffic through. However, as their customer traffic scaled, the team found that AWS WAF required significant rules maintenance. This was a challenge as it was time-consuming and could potentially lead to security vulnerabilities if not managed properly. The need for a more efficient and effective solution became apparent.

LeanTaaS, a company that serves leading hospitals and healthcare providers across the country, was in need of a security solution that could provide real-time visibility and defense for their cloud-based APIs. The company uses a lean approach and data analytics to create more efficient medical facilities, and develops software products that combine lean principles, predictive analytics, and machine learning to enhance hospital efficiency. Over 50 providers across the nation rely on their products to increase patient access, decrease wait times, reduce healthcare delivery costs, and improve revenues. However, securing their cloud-based web services and APIs while meeting HIPAA compliance requirements posed a significant challenge.

Cybrary, an online training and career development platform for IT and cybersecurity professionals, was facing a multitude of attacks across its APIs and web properties. Their legacy web application firewall (WAF) was proving inadequate in terms of usability and attack coverage. The two-person infrastructure team at Cybrary was grappling with issues that their legacy WAF could not address. The traditional model of blocking based on pattern matching, such as a specific SQL-injection string, was not effective for their needs. The legacy WAF was not only difficult to configure and debug but also provided incomplete attack coverage and blocked valid requests. It lacked real-time visibility, alerting, or a functional dashboard to monitor activity over time. As a security-focused organization, Cybrary needed to maintain their brand identity and ensure their security practice was cutting-edge.

Movember, a non-profit organization dedicated to impacting men’s health, transitioned to a cloud environment to better serve their donors and campaign participants, and streamline their processes. However, during this transition, they encountered a significant challenge. Their traditional Web Application Firewall (WAF) solutions were unable to scale during peak traffic periods without requiring constant tuning and intervention from their team. For six months, Movember struggled to integrate a legacy WAF solution into their modern application infrastructure. The solution was never fully implemented, causing frustration and resulting in a solution that had to be discarded and replaced. The organization needed a seamless and secure web application protection solution that could keep up with their rapidly scaling cloud infrastructure.

Snapdocs, a company offering a loan closing automation application for the mortgage industry, faced a significant challenge in enhancing their security posture. Their application, which provides a workflow for buyers, lenders, title and escrow representatives, and notaries, required real-time visibility to prevent account takeovers. The mortgage industry, with its numerous parties involved in a real estate transaction, presents multiple threat vectors. Notaries, for instance, often use weak passwords on their email accounts and sometimes share the same login credentials across websites. This makes the industry a prime target for wire transfer fraud, with attackers executing phishing campaigns to take over accounts and redirect funds to fraudulent third-party accounts. Snapdocs needed a solution that could identify malicious requests and other attack event patterns to prevent account takeovers. They also sought faster visibility into attackers’ web requests to trigger alerts and stop them.

Chick-fil-A, a major fast-food chain with over 2,400 restaurants in the United States and annual revenues exceeding $10 billion, was seeking a robust and flexible web application security solution. The company's digital transformation strategy heavily relied on consumer-facing mobile and web applications for food ordering, which were crucial for enhancing customer satisfaction and driving revenue growth. However, the existing legacy Web Application Firewall (WAF) that relied on pattern matching rulesets was inadequate in a development lifecycle characterized by distributed software design and deployments. The challenge was to find a future-ready WAF that could be easily installed across distributed architecture and effectively prevent account takeover (ATO) attempts and other attacks on public-facing apps in production.

Namely, a cloud-first, all-in-one HR platform, was experiencing rapid growth, which necessitated the prioritization of its web defense. As the customer base of Namely expanded, so did its responsibility of managing web defenses, including detection, prevention, and response. In a fast-paced agile development environment, security leader Daniel Leslie was tasked with building security and IT from scratch. He was seeking innovative ways to manage website defenses, having had experience with legacy Web Application Firewalls (WAFs). His core criteria for a solution included technical alignment, ease of use, best-in-class security functionality, and total cost of ownership.

Prezi, a cloud-based presentation platform with over 100 million users, was facing a significant challenge due to its rapid growth. The company was seeking to replace an existing, labor-intensive tool with a new web application firewall (WAF) to provide automated, accurate protection for their web applications. Prior to this, Prezi used an open source IDS/IPS solution. As a cloud-based platform, Prezi’s primary goal was to have a WAF with enterprise-grade detection and reaction capabilities. They needed a solution that could automatically and reliably detect attack patterns on web traffic without the noise (hundreds of notifications to matches on RegEX signatures) and provide integrations to gain advanced insights.

Sauce Labs, a leading provider of continuous testing cloud for web and mobile applications, was facing a significant challenge in protecting its web applications distributed across a hybrid cloud environment with different application stacks. The company, which has been named to the Deloitte Technology Fast 500 list for four consecutive years, helps businesses ensure their mobile applications and websites work flawlessly on every device, operating system, and browser. However, the company was grappling with potential attack vectors including click fraud and abuse of its free trial virtual machine offering. The Senior Director of Product Security, John Kennedy, was keen on finding a solution that would provide a robust defense against these threats.

Datadog, a monitoring and security platform service for cloud applications, faced a significant challenge as it continued to grow. The company's homegrown application security tools were not scalable enough to support its rapidly expanding customer base. The organization needed to adopt a Web Application Firewall (WAF), but it had specific requirements. The WAF needed to provide flexibility in modern cloud architectures, support rapid code changes and deployments in a CI/CD pipeline without extensive tuning, and not consume unnecessary resources across security, SRE, and development teams. The challenge was finding a solution that could meet these requirements while keeping up with the pace of Datadog's growth.

Glossier, a rapidly growing beauty ecommerce brand, was faced with the challenge of protecting their website and the increasing volume of user data from application attacks and account takeovers. As an ecommerce site, Glossier needed to have a clear understanding of site traffic patterns, including any attacks and anomalies that were occurring. However, without a dedicated security team, the company was struggling to provide the necessary tools to their team that would help them understand and respond to these security issues in real time.

Winning Group, a growing appliance retailer based in Australia, was facing a significant challenge in scaling their security and visibility to match the growth of their e-commerce sales. The company operates several web properties and was planning for future expansion and growth, including M&A activity. This prompted the need to strengthen their overall security posture at the application layer to protect customer-facing web applications, payment gateways, customer portals, and APIs. Prior to implementing Signal Sciences, Winning Group used various methods to secure their web applications, including maximizing best practices for their CDN, firewall, and coding methods. However, they faced issues with real-time visibility, increased man-hours due to lack of automation, and unsatisfactory customer experience and services from their CDN provider.

Betterment, an online financial advisor with over $14 billion in assets under management and a user base of over 380,000 customers, needed a solution to protect customer PII and financial assets. The company spins up numerous web servers daily through its continuous integration and deployment (CI/CD) pipeline, making it crucial to know if, when, and how their user accounts might be under attack. The biggest concern for Betterment’s Engineering and Security teams was the signal-to-noise ratio. They needed a Web Application Firewall (WAF) that could automatically scale and accurately block attacks without increasing support call volume or creating more work for the teams. The solution also needed to be able to block attacks without requiring ongoing signature tuning or impacting performance.

Duo, a leading authentication platform, was in search of a solution that could provide application security visibility for its platform and websites without introducing additional security or operational risks. The company's platform supports billions of authentication requests globally every week, and it was crucial for Duo's security team to monitor and secure this traffic without negatively impacting the user experience or introducing additional security risks. Their previous experiences with hardware and cloud Web Application Firewalls (WAFs) had resulted in single points of failure and difficulties in managing traffic, prompting the need for an alternative approach.

OFX, an international financial transfer platform based in Sydney, Australia, processes over $22 billion annually through its web application. Having recently migrated to the cloud, OFX sought to increase visibility and protection against Open Web Application Security Project (OWASP) attacks and authentication abuse in its cloud-first microservices infrastructure. Partners interact with the OFX platform via APIs that communicate with microservices within the OFX network. The Head of Digital Security, Richard Lane, was tasked with building the security program and team. He aimed to ensure that their microservices weren’t implicitly trusting others and sought a product that would provide visibility. He wanted a solution that would be easy to install, use, and effectively block malicious traffic automatically, including logins, without causing production incidents.

Shinola, a company dedicated to producing high-quality, American-built products, operates an e-commerce website with high-volume traffic periods during peak sales seasons. They wanted to increase security awareness of attacks and anomalies at the application layer. The company needed a web application security technology that would increase visibility without disrupting the rapid deployment models required to stay ahead in the fast-paced retail market. They required improvement in their security posture while democratizing the shared responsibility of security across the enterprise. Shinola’s DevOps team desired proactive distribution of security data to enhance their overall security operation. They needed a web application security technology that could cut down on inefficiencies while ensuring security across all of their applications.

BloomNation, an online retailer delivering fresh flowers from local florists across 5,000 cities and towns in the United States, was facing a significant challenge in late 2019. The company's national profile had been boosted after being listed on Built In LA’s 50 Best Small Places to Work list, which unfortunately attracted malicious actors to their website on a larger scale. BloomNation was experiencing a flood of abusive attack traffic, including DDOS, SQLi, XSS, and credential stuffing, from malicious actors attempting to scan their web applications. This situation had a significant impact on the organization, with engineers spending time away from building and deploying product features to manually research and block IP addresses to keep the website up. The influx of traffic also negatively impacted the customer experience, with page load times slowing and the site breaking as attack requests increasingly hit their server instances.

Vimeo, the world’s leading professional video platform, faced a significant challenge in maintaining the security of its rapidly expanding user base, which includes over 150 million users globally. The company's rapid growth and recent acquisitions necessitated a robust application security program to prevent prevalent attacks like XSS, SQLi, API abuse, and account takeover. Additionally, Vimeo needed a solution that would seamlessly integrate with their newly built AWS infrastructure without requiring extensive tooling and upkeep. The company also sought to consolidate all requirements under a single vendor for ease of use across multiple teams. A lack of visibility into production traffic and new merger and acquisition activity further highlighted the need for attack detection modernization.

Investing.com, a global financial portal and internet brand, was grappling with a significant challenge. The company, which provides news, analysis, streaming quotes, charts, technical data, and financial tools about the global financial markets, was facing a massive onslaught of data scraping bots. These malicious actors were deploying bots and scrapers to harvest the data that Investing.com pays financial exchanges to publish. The company was dealing with 30-40 million content scraper requests per week that they needed to stop. As an advertising-supported business, the theft of this data was not only a breach of security but also a significant financial drain.

Remitly, the largest independent digital remittance company in the United States, was faced with the challenge of protecting its proprietary global transfer network. The company needed a technology that could satisfy PCI requirements and protect customers’ sensitive transactions through its mobile application. Remitly deals with irregular traffic patterns, which posed a significant challenge. For instance, they once observed a spike in account transfers all happening from a small network segment on the Pacific coastline of South America. The company had to determine if this traffic indicated an attack or valid requests, and do so in real time. Allowing the traffic carried the risk that the transactions were malicious, requiring Remitly to reimburse the cost of the fraudulent transfers. A traditional web application firewall (WAF) would have no way of distinguishing this traffic, leaving customers frustrated if they chose to blacklist the IP.

Maritz, a holding company providing a range of services to Fortune 500 companies, faced a significant challenge in enhancing its security posture to support PCI DSS requirement 6.6. Several of its business units accept credit card information, necessitating annual reporting on PCI DSS compliance. The company decided to implement a web application firewall as an additional layer of security for its PCI environment. However, with numerous business units, applications, and diverse technology stacks, Maritz needed a single product that could be deployed across all current and future hosting environments, whether physical or virtual, on-premises or cloud. The company was also seeking a solution that was easy to use, with automated blocking and simple deployment, to replace their previous open-source solution that required extensive manual effort to operate.

Chef, a leading engineering group, was in need of a security solution that could keep pace with their rapidly evolving DevOps practices and business requirements. The company's engineering and operations teams were seeking a way to enhance visibility into the shifting vulnerabilities and attack vectors across their applications. The challenge was to find a security solution that would enable them to identify and address security issues in the same manner they were already handling operational issues, without causing any negative impact on performance.