Veracode Helps SOC Prime Integrate Security Into Its SDLC and Improve Time to Market

The Challenge

Prior to selecting Veracode, SOC Prime was using open source tools and other web application scanners. Due to a lack of tools for testing the source code, the company carried out manual testing right before production. This resulted in substantial rework for the development team and increased the company’s expenses. SOC Prime realized that to keep up with its competitors and bring new, innovative products to the market, the company needed a third-party vendor offering security solutions that would be in sync with its development tools, enable source code testing, and aid it in the transition to DevSecOps.

Being a SaaS-based vendor, the key concern for SOC Prime was finding an AppSec provider delivering cloud-based solutions. As Vlad Garaschenko, Chief Information Security Officer (CISO) at SOC Prime stated, “We sell our product as a SaaS platform, so we are really close to this philosophy of SaaS products. It’s understandable for us, and it’s clear to us how to deal with this process. It’s the approach we use with our Threat Detection Marketplace.”

Another challenge for SOC Prime was finding an AppSec vendor that could help the company meet industry regulations. “Compliance is very important to us,” stated Vlad Garaschenko. Still, SOC Prime has been long striving to compile all the necessary documentation to claim its security-conscious business strategy and successful SOC 2® compliance certification.

The Solution

After evaluating several AppSec vendors and soliciting feedback from the company’s customers, SOC Prime selected Veracode. As Oleg Pasichnyk, Chief Financial Officer (CFO) at SOC Prime, explained:

“I knew that we needed better security for our applications because we’ve been doing manual testing on our own for quite some time ... It’s much better to spend our time working on our products.”

Veracode is not only a cloud-based AppSec solution, it also offers source code testing methods and – vital for security-minded SaaS vendors like SOC Prime – the company is able to help customers achieve compliance. SOC Prime is currently using Veracode’s Static Analysis solution, including the IDE Scan, Pipeline Scan, and Policy Scan. The IDE Scan helps SOC Prime identify flaws and vulnerabilities in its source code while the developer codes. The Pipeline Scan helps SOC Prime identify flaws in its code during the build phase, giving SOC Prime the option to break the build if vulnerabilities are present. And, lastly, the Policy Scan helps SOC Prime ensure that its applications comply with the policy and industry standards creating visibility for cross-functional remediation.

The Results

SOC 2® compliance is considered of paramount value for companies that are looking for reliable SaaS product vendors, therefore SOC Prime’s aspiration to accomplish this certification has been among one of the key company goals from a compliance perspective.

SOC Prime has recently completed the SOC 2 Type I auditing procedure, which has proven that SOC Prime’s information security practices, policies, operations, and procedures meet the relevant standards for secure data management. During the tough and lengthy SOC 2 Type I certification process, SOC Prime has leveraged Veracode’s Policy Scan, which enabled the company to easily achieve compliance with industry standards and work toward new compliance achievements. Aleks Bredikhin, CTO at SOC Prime stated, “Our next action is to collect evidence for compliance, because we are currently in the process of attaining our SOC 2 Type II certification. Veracode is really helpful with compiling evidence, so it saves us from this process.”

Since implementing Veracode AppSec solutions, SOC Prime has noticed several business benefits. By shifting security left with the Veracode Static Analysis tool, SOC Prime’s developers have managed to assess the code security in the development phase, which has lowered the cost of rework and improved time to market for SOC Prime’s software solutions. Moreover, since Veracode is a cloud-based AppSec provider, SOC Prime has also saved money on operational costs and maintenance associated with servers. “We’ve looked at the results and we’ve definitely noticed the savings,” stated Oleg Pasichnyk, CFO at SOC Prime. Finally, by implementing Veracode, SOC Prime has been able to increase customer trust by proving that its products are secure.

“When we are positioning our products to enterprise customers from different parts of the world or different verticals, including government and security providers, they often ask, ‘How are you checking your software? Do you run pen tests? Do you analyze source code? Do you have any certifications?’ And we can now respond, ‘Yes, we can send you a report from Veracode’ ... So that instantly increases trust and confidence on both sides,” stated Andrii Bezverkhyi, CEO of SOC Prime.