Seeking end-to-end insight as complexity grows
andsafe’s goal is to improve the customer experience for insurance by using technology to reduce administration, enable lean processes, and boost performance. The startup has experienced dramatic growth since its founding in 2019, adding approximately 10,000 new customers per month. That growth meant the company needed to scale quickly. It also needed to release new products rapidly. To do so confidently, andsafe needed a security solution that could complement its investments in observability. The products they tried initially gave them an incomplete view of metrics, traces, logs, and vulnerabilities across their environment. “We had some blind spots because we didn’t know how our services were communicating with each other,” says Marcel Drechsler, Product Owner Developer Platform at andsafe. “It was hard to find the root cause of issues.”
Remediating high-impact vulnerabilities
The andsafe team initially used OWASP’s Java dependency check plugin for application security, but this only listed relevant CVEs in text form within the output of their CI pipelines. Developers had to manually research remediation steps, which consumed a lot of time.
andsafe already used Datadog for observability. Initially, it evaluated a Datadog competitor for security, but ultimately chose Datadog Software Composition Analysis (SCA) because of its friendly interface, good documentation, and usability. “I also like the pace of Datadog’s innovation and feature launches,” says Drechsler.
By using Datadog SCA, andsafe can now continuously monitor for vulnerable open source libraries in production. Teams can easily identify and prioritize the remediation of the highest-impact vulnerabilities and apply recommended fixes to resolve issues quickly. andsafe is also utilizing SCA to analyze vulnerabilities in third-party solutions. In one case, andsafe was able to identify high-risk vulnerabilities in a third-party solution when the vendor accidentally disabled transitive dependency checks. Since SCA scans for these dependencies out of the box, andsafe remediated the issue and helped the vendor make its product more secure.
SCA becomes a foundational block for a long-term security program
Today, Drechsler and his team can easily prioritize application vulnerabilities so they can identify key areas of security risk. They have also been able to increase engineering resource efficiency and reduce MTTD/MTTR in their complex insurance platform from cradle to production because of Datadog’s intuitive approach to monitoring.
Ultimately, andsafe has improved visibility into its production environment, giving it more confidence to deploy updates and new features. “The visibility into production has been a game changer,” says Drechsler.
Going forward, andsafe expects to continue to grow rapidly. As it does, Datadog will help keep it moving fast in an industry often known for lack of speed and agility. “Having a centralized observability and security platform will definitely help us increase productivity in the future,” adds Drechsler.