Introduction
Firebolt's mission is “to create the world’s most powerful cloud data warehouse and offer it as a service.” For a company that is “first and foremost customer driven”, customer trust is built not only on product innovation but on the confidence that Firebolt will do what it takes to protect customers’ proprietary and sensitive data. Nir Yizhak, Firebolt’s CISO, is responsible for putting this into practice and was looking for a single solution to manage all of their application security activities, streamline their operations, and reduce the triage and execution time between issue discovery and remediation. He wanted an application security posture management (ASPM) solution that could integrate with the tools they already had in place and could adapt and grow with any future evolution of their environment. Nir also did not want to divert valuable engineering time and resources toward either an in-house or partial solution, which ultimately led him to Legit Security’s code-to-cloud ASPM solution.
Solution Requirements
- Software composition analysis (SCA)
- SAST
- Pipeline scanning
- Cloud scanning
- Jira
They were also looking for a solution that could help them with:
- Secret scanning
- Misconfigurations
- Application event management
- Software bill of materials (SBOM)
How Legit Security Delivers For Firebolt
Legit delivered rapid value to Nir and his team, integrating with their entire toolset with minimal effort and providing immediate visibility into their application security posture from code to cloud. Once deployed, the solution gave them the awareness they needed to intelligently prioritize issues based on business and security needs. That deep context, combined with the ability to automatically open, assign and track trouble tickets in their existing Jira deployment, allowed them to significantly shorten the duration of application-related issues. Legit also gave them the tools they needed to give the executive team visibility into code and development-cycle issues and remediation trends.
Legit Value
Ultimately, Legit Security gives Firebolt the single place they were looking for to orchestrate all of their ASPM activities, resulting in:
- Broader coverage
- Better visibility
- Shortened triage times
- Faster mean time to remediation
The Legit Solution
For Nir, Legit Security’s value is easy to articulate to any organization that develops software and needs to add a layer of security control to their SDLCs. The more you leverage external services like GitHub in the SDLC, the more you expose your software supply chain and increase the probability of attacks. The faster you bring in an ASPM solution, the better protected your organization will be. For Firebolt, Legit Security was easy to deploy and very quickly gave them the broad and deep visibility into their application security posture that they needed. This saves a lot of engineering time that would have otherwise been wasted trying to maintain the several different sets of tools they would have needed without an ASPM.