Automated cybersecurity ecosystem
Learn how we developed an automated cybersecurity ecosystem to detect and eliminate software security vulnerabilities for a banking institution that later evolved into a universal cybersecurity solution.
6 IT experts
About the client
Our client is a traditional US-based bank that was expanding their online presence to attract more customers. They wanted to implement new functionality and expand the range of financial services available in their customer service software.
The company hired us to develop new web and mobile banking applications because the old versions were technically unstable. They couldn’t withstand high loads caused by the increasing number of consumer financial transactions.
We assessed the client’s existing applications and found that they were vulnerable to external attacks, putting customers’ personal and financial information at risk. After communicating the issue to the client, they asked us to ensure a secure software development process to:
- reduce the number of security vulnerabilities in the new software
- prevent data breaches and cyber attacks
- reduce post-release expenses on addressing security issues
We established a secure software development lifecycle (S-SDLC). Our security approach evolved into a cybersecurity ecosystem for automated detection and management of software vulnerabilities.
The ecosystem is integrated into the client’s CI/CD pipeline, allowing for automated security control checks. In the event that a vulnerability is identified, the system automatically creates a Jira ticket for further action.
Implementing security controls
Security controls integrated into our S-SDLC allowed us to detect vulnerabilities early and release secure software at the production stage.
Security testing included:
- Static application security testing (SAST)
- Dynamic application security testing (DAST)
- Infrastructure as code (IaC) security scanning
Vulnerability scanning included:
- Detecting unintentional commits of secrets (keys, passwords, tokens, SSNs)
- Dependency scanning
- Docker image scanning
Security audits included:
- Cloud security audits
- Kubernetes (K8s) security audits
Security ecosystem architecture
Our ecosystem architecture included five main elements:
1. Implementation of the CI/CD pipeline
Implementing CI/CD allows our client to optimize costs and upgrade their product’s security layer by incorporating security controls for code merging. This decreases the risk of deploying code with security vulnerabilities.
2. Vulnerability orchestration module on AWS Lambda
We built a security module and deployed it on AWS Lambda to automate the creation of Jira tickets with all necessary information about vulnerabilities, security vulnerabilities analysis and management, as well as notifications.
3. Storage and processing on AWS
After executing a specific job like SAST, the artifacts (output results) are saved in an AWS S3 bucket. This allows us to have a history of files, upload as many files as we need, and separate projects by folders. The results of such scanning are processed by AWS Lambda, which is triggered by the creation event.
4. Jira tickets creation
The created ecosystem supports functionality for creating and managing tickets with a description and location of each vulnerability, its threat level, and tags with a project name and scanner tool.
5. Notifications via Slack
Users get Slack notifications about newly created vulnerabilities and their severity.
Together with our client, we achieved the following results:
Customization. Our solution is easily customizable for any project and industry and can be integrated into diverse business procedures.
Cost-efficiency. Similar out-of-the-box solutions may cost around $100 per developer per month, while our solution doesn’t require any monthly or annual fees. Additionally, it features automated vulnerability detection, an optimized S-SDLC, and expert input for implementing the proper system protection. If a client decides to opt for ready-made software, they would have to pay extra for these services.
Scalability. We chose industry-proven technologies and tools that helped us develop a flexible security ecosystem that can scale in the future and won’t require much additional reconfiguration.
ELIMINATE SECURITY VULNERABILITIES IN YOUR PRODUCT
Our experts will roadmap and implement best practices and advanced technologies for top-grade software security
Implementing KYC/KYB for user and business verification and fraud prevention
Business intelligence for banking
Business intelligence for improved operational efficiency and cost optimization
Digital banking application optimization
Increasing user engagement by improving the app’s UI/UX and implementing business intelligence