Case Study

Fintonic Reduces Security Task Time by Up to 90% with Xygeni’s Solution

About Fintonic

Fintonic is a prominent financial institution that provides secure and efficient financial services. Their mission is to make personal finances accessible to the public. The platform is verified and validated by experts in digital security and privacy. It provides an advanced access point for users to enter their accounts and financial information. Fintonic then guides them through analyzing millions of financial data points, helping users find relevant financial products.

Customers can anonymously and securely make financial and banking transactions using the Fintonic application. Managing numerous code repositories crucial to its operations, Fintonic continuously seeks innovative solutions to protect sensitive data and maintain the integrity of its development & CI/CD processes.

The Challenge

Fintonic faced significant challenges in ensuring the security of its development process. The primary concerns were the potential leakage of sensitive data and overall security vulnerabilities within the development process. Additionally, the team was worried about the SCM system’s ability to handle all these security issues efficiently without slowing operations.

To address these challenges, Fintonic needed a solution that could effectively scan for secrets, vulnerabilities, and malware in third-party open source dependencies and configurations in their Infrastructure as Code (IaC). Moreover, the solution had to integrate seamlessly into their development environment to prevent disruptions to their workflow.

We were concerned about our team and system’s ability to handle all security issues efficiently without slowing our operations.

Enrique Cervantes
CISO-CTO Fintonic

The Solution

After evaluating several options, Fintonic chose Xygeni because of its comprehensive security coverage and seamless integration capabilities. Xygeni’s ability to integrate directly into developers’ workstations stood out, as it prevents the accidental publication of secrets and ensures continuous monitoring and validation of security measures within the developers’ tools.

Furthermore, Xygeni’s holistic approach to security was exactly what Fintonic needed to maintain its rigorous standards without sacrificing speed or efficiency. Xygeni’s solution effectively scans for secrets, vulnerabilities, and malware in third-party dependencies and monitors suspicious activities, providing the robust security Fintonic requires.

Fintonic began the integration process with a Proof of Concept (PoC) to test Xygeni’s scanners. The smooth integration demonstrated Xygeni’s ability to monitor systems continually without causing workflow delays. This easy implementation allowed Fintonic to quickly incorporate Xygeni into its development environment, ensuring continuous security monitoring without delaying operations.

Xygeni Support Products

Although Fintonic has tested all Xygeni products, increasing analysis coverage and issue detection, the focus and validated benefits during the PoC were concentrated on the following:

ASPM

To provide a single pane of glass for analysis and prioritization, ensuring maximum focus and impact of the remediation activities on the application’s global security without increasing the security team’s effort.

Secrets Security

To certify that no secrets were exposed in any part of the current application and to validate control of leakages even before committing to the SCM.

Anomaly Detection

To detect any suspicious activity in the SDLC infrastructure and certify good user and privilege management practices for rotating developers.

The Results

Since implementing Xygeni, Fintonic has experienced significant improvements in its security processes. Key features of Xygeni have been particularly instrumental in this transformation:

75-90% reduction in the time required to prioritize security tasks

Enrique Cervantes
CISO-CTO Fintonic

Suspicious Activities

Xygeni’s ability to monitor suspicious activities allows for quick action against potential security threats. By flagging unusual activity in the infrastructure, Fintonic can respond swiftly to protect its systems.

Prioritization Technology

Xygeni’s prioritization technology enables Fintonic to address the most critical security issues first, reducing unnecessary noise. This feature allows the team to focus on problems that provide immediate returns and significantly enhances security.

Health Check Module

The health check module efficiently identifies maintenance gaps and licensing issues with third-party dependencies. This helps keep Fintonic’s systems secure, updated, and compliant.

Xygeni has transformed how we handle application security. Its comprehensive scanning capabilities allow us to find and prioritize every secret, vulnerability, and misconfiguration in our SCM. The insights provided by Xygeni make it easier for us to understand the impacts of these issues and address them promptly. It’s not just a tool; it’s an integral part of our security strategy now.

Enrique Cervantes
CISO-CTO Fintonic
