Boosting security across a federated organization

Arc XP's digital experience platform is an integrated ecosystem of cloud-native tools, featuring an agile content management system, a suite of digital subscription tools, built-in digital asset management, video delivery, and a front-end experience and content delivery platform to enable organizations across the globe to create and distribute content and transform the way they tell stories to their customers. Arc XP’s immense scale allows organizations to effectively monetize websites, drive ecommerce, and deliver multichannel digital experiences rapidly, reliably, and securely. Since its launch in 2014, Arc XP has experienced explosive growth. Today, it serves customers in more than 25 countries, delivering more than eight billion unique monthly page views across more than 2,000 sites.

Security is one of Arc XP’s strategic priorities. As the company scaled, Roman Garber, principal application security engineer, sought to ensure they were detecting all malicious activity targeting their applications and APIs.

As an organization with divisions that operate autonomously, Arc XP wanted a single source of truth that could enable more effective collaboration among its distinct teams. In addition, Arc XP needed to detect suspicious behavior in its customers’ code. The Arc XP platform allows customers to run their own code inside the Arc XP application, creating a shared security responsibility model with Arc XP responsible for the platform and its customer responsible for its code.

“[The shared security model] inherently diversifies our risk,” says Garber. “We need to protect our platform as well as help our customers catch any vulnerabilities in their code.”

Arc XP engineers examined several solutions, including runtime application self protection (RASP) solutions, but found the ROI wasn’t compelling. The company ultimately chose to add Datadog Application Security Management (ASM) to secure its platform in production and get real-time visibility into attacks that target its environment. Datadog’s distributed tracing capabilities enable ASM to show deep insights, such as user attribution and the attack flow through each microservice. This helps teams understand if response efforts need to be prioritized, and if so, pinpoint how to remediate.

Enabling faster remediation and improved collaboration

Datadog ASM’s monitoring capabilities enable Arc XP engineers to see which of their services are at risk, when they are under attack, and whether those attacks trigger vulnerabilities. In addition, ASM shows the exact function in which a potential vulnerability is triggered, the rule that was matched, the query the attacker used, as well as advice for how to fix the problem, enabling faster remediation. Overall, ASM improves collaboration among development, security, and operations teams, as there is now a single source of truth used by all teams.

“With ASM we can see if any services are experiencing an issue we need to address and where it's coming from,” says Garber. “In other words, Datadog ASM can quickly pinpoint an attack or anything unusual happening that we need to check out.”

ASM also helps Arc XP engineers address another priority: providing developers the freedom they need to do their jobs, but in the most secure way possible. The organization doesn’t view security as a gatekeeper to releasing new features quickly, but rather as a service-oriented function enabling developers to do their best work. The company expects the products they use to follow the same philosophy.

“Using Datadog for application security allows us to determine what’s happening and to make a more informed choice about whether blocking is necessary or not,” says Garber.

“We have to be agile in terms of what we block and what we don’t block and how we go about it, which means we need information. That’s what we look for from Datadog.”

The final layer of observability

ASM adds to Arc XP’s defense-in-depth strategy, providing a secondary defense in case any malicious request makes it through other layers of defense. The combination of observability context with security detection rules provides critical insights, including alerts for potentially malicious requests coming from resources considered trusted.

“Datadog ASM serves as the final layer of observability by adding a security lens to data already being monitored,” says Garber.

“If an attacker is attempting a SQL injection against our platform, we will see that within our other security tools. But we need the ability to also see if the SQL injection is actually triggering a vulnerability in the code, or if the attack attempt is harmless.”

With ASM, Arc XP can better protect its own platform and give its customers early alerts if their code has issues. For example, one customer had a vulnerability in their website code. “An attacker found an issue in our customer’s code and probed it for a SQL injection vulnerability. Datadog detected this and alerted the security team in time so that we could inform our customer and they could roll out a fix,” says Garber. “Those types of capabilities cement our role as a trusted security advisor to our customers.”

If you want to see Datadog Application Security Management in action, request a personalized demo here.