Andsafe Turns to Datadog to Identify Key Areas of Security Risk | Datadog
Case study

andsafe turns to Datadog to identify key areas of security risk

Insurance

70 Employees

Germany

About andsafe

andsafe offers a comprehensive range of digital insurance products and services. The company’s goal is to provide businesses, private customers, and agents with easy-to-understand products and a good price-performance ratio.

“The visibility into production has been a game changer.”

Marcel Drechsler
Product Owner Developer Platform
andsafe
Why Datadog?
  • Continuously monitors for vulnerable open source libraries in production
  • Enables teams to easily identify and prioritize remediation of the highest-impact vulnerabilities and apply recommended fixes to resolve issues quickly
  • Fast pace of innovation and feature launches
Challenge

As the complexity of its distributed system increased and its offerings expanded, it became difficult for andsafe to identify and prioritize vulnerabilities.

Use Case

Application Performance Monitoring

Software Composition Analysis

Key Results
Improved ability to identify key areas of security risk

Prioritizes application vulnerabilities

Seeking end-to-end insight as complexity grows

andsafe’s goal is to improve the customer experience for insurance by using technology to reduce administration, enable lean processes, and boost performance. The startup has experienced dramatic growth since its founding in 2019, adding approximately 10,000 new customers per month. That growth meant the company needed to scale quickly. It also needed to release new products rapidly. To do so confidently, andsafe needed a security solution that could complement its investments in observability. The products they tried initially gave them an incomplete view of metrics, traces, logs, and vulnerabilities across their environment. “We had some blind spots because we didn't know how our services were communicating with each other,” says Marcel Drechsler, Product Owner Developer Platform at andsafe. “It was hard to find the root cause of issues.”

Remediating high-impact vulnerabilities

The andsafe team initially used OWASP’s Java dependency check plugin for application security, but this only listed relevant CVEs in text form within the output of their CI pipelines. Developers had to manually research remediation steps, which consumed a lot of time.

andsafe already used Datadog for observability. Initially, it evaluated a Datadog competitor for security, but ultimately chose Datadog Software Composition Analysis (SCA) because of its friendly interface, good documentation, and usability. “I also like the pace of Datadog’s innovation and feature launches,” says Drechsler.

By using Datadog SCA, andsafe can now continuously monitor for vulnerable open source libraries in production. Teams can easily identify and prioritize the remediation of the highest-impact vulnerabilities and apply recommended fixes to resolve issues quickly. andsafe is also utilizing SCA to analyze vulnerabilities in third-party solutions. In one case, andsafe was able to identify high-risk vulnerabilities in a third-party solution when the vendor accidentally disabled transitive dependency checks. Since SCA scans for these dependencies out-of-the-box, andsafe remediated the issue and helped the vendor make its product more secure.

“Having a centralized observability and security platform will definitely help us increase productivity in the future.”

SCA becomes a foundational block for a long-term security program

Today, Drechsler and his team can easily prioritize application vulnerabilities so they can identify key areas of security risk. They have also been able to increase engineering resource efficiency and reduce MTTD/MTTR in their complex insurance platform from cradle to production because of Datadog’s intuitive approach to monitoring.

Ultimately, andsafe has improved visibility into its production environment, giving it more confidence to deploy updates and new features. “The visibility into production has been a game changer,” says Drechsler.

Going forward, andsafe expects to continue to grow rapidly. As it does, Datadog will help keep it moving fast in an industry often known for lack of speed and agility. “Having a centralized observability and security platform will definitely help us increase productivity in the future,” adds Drechsler.
