Case Study

3 Steps for Timely Cyber Intrusion Detection

August 19, 2020

The challenge: Putting code security at the center of development

Altice Europe, a leading player in the convergence between telecom and media in France, services 23 million customers through its SFR division—Société française du radiotelephone—providing voice, video, data, internet telecommunications and professional services to consumers and businesses. The business-to-consumer (B2C) IT division of SFR deploys dozens of major projects each year, including web, front-end, and office applications. The B2C IT Division wanted to increase its cybersecurity strategy and to complete its tools with a dynamic scanner capable of dealing with security in a dynamic mode, meaning within the framework of code execution and dialogue between several applications or between a front- or back-end, in order to ensure code security at the early stage of development.

Specifically, SFR wanted a solution that would:

Enable developers to get involved and updated on cybersecurity issues.
Reduce the volume of vulnerabilities during the production stage of projects.
Reduce potential impacts on customers as well as risks of financial penalties from legal authorities.
Enable developers/testers to fix bugs early in the SDLC.
Enable automated security testing and instant vulnerability detection as part of the CI/CD workflow.
Get contextual information to easily reproduce and fix vulnerabilities in real time.
Obtain instant results for quick remediation.
Improve accuracy of findings compared to SAST scanners.
Improve cross-functional collaboration.

The solution: Enterprise-scale IAST to identify vulnerabilities early in the SDLC

Synopsys’ Seeker IAST solution is designed to help find high-risk security weaknesses while fostering collaboration between development and security teams. Seeker detects web application vulnerabilities and ties them directly to business impact, providing a clear explanation of risks. Seeker’s seamless integration into CI/CD workflows enables automated application security testing without slowing down the release cycle.

Seeker saves valuable time, resources and costs by enabling developers to fix critical security flaws early in the SDLC. Seeker reduces risk by securing apps before they go to production. By automatically verifying findings in real time, Seeker helps reduce false positives that are common in other application security testing tools, making it easy to triage and prioritize on critical vulnerabilities that matter most. Seeker also provides developers with the exact location of vulnerabilities in the code, remediation suggestions, and code execution flow to help them quickly remediate vulnerabilities.

"SFR chose Seeker to help prevent code vulnerabilities of web applications and obtain real-time results for quick remediation," says Robert Cohen, Validation & Security Director at SFR.

The results: Putting developers at the heart of security testing

SFR is at the implementation stage with Seeker, but eventually the IAST solution will be used daily for every code review. The B2C IT Division is currently testing approximately a dozen of on-premises applications daily, and eventually will increase that number to several dozen applications. Less false-positive results and a substantial increase in productivity is expected when the solution is fully deployed.

Even at this early stage, SFR has already seen benefits from Seeker, including:

Improvement of detection compared to other software like classic SAST.
The ability to put back developers at the heart of security challenges and empower them on security norms conformity while they work on deliverables.

Seeker’s ability to identify vulnerabilities during code execution; its informative reports; its ability to identify code lines to ease the correction process for the development teams; and its remedial suggestions are cited by Zine-Eddine Yahoui, Senior Manager of Cyber Security for the business-to-consumer (B2C) IT division of SFR, as three of the solution’s features they like the most.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Eliminating vulnerabilities early in the SDLC for Société Française du Radiotelephone

Case Study

The challenge: Putting code security at the center of development

The solution: Enterprise-scale IAST to identify vulnerabilities early in the SDLC

The results: Putting developers at the heart of security testing

Related Articles

Report Abusive Comment