Faster, Secure Recruiting Apps for the Fortune 100
Data Theorem helps Thrive extend their API security to the cloud & enforce governance.
The Company
Thrive is a software company that develops cutting-edge applications that help recruiters and talent executives make better hiring decisions. Their collaborative, easy-to-use features allow you to spend less time managing a database and more time advising the hiring team. Elite search firms, VC/PE firms, and in-house recruiters around the globe use Thrive TRM to reduce search times and improve outcomes for hiring managers. It is therefore imperative that Thrive protects the data that belongs to these high-ranking professionals.
The Challenge
The security team at Thrive TRM works tirelessly to ensure data privacy and compliance. Because they were uncovering new attack surfaces within both client and cloud endpoints almost every day, they needed a solution to secure their application’s full stack. The team had an additional goal: to find a Security Orchestration, Automation and Response (SOAR) platform that secures, tracks, and discovers any new APIs as well. To fulfill these requirements, the team evaluated a number of vendors, one of which was Data Theorem.
Past Alternatives
During application penetration testing, Thrive knew the importance of assessing the risk involved with their application’s attack surface. While some tools are great at identifying application attack surfaces, they will often fail to identify data that circumvents network firewalls and WAFs, as well as daily changes that keep up with the CI/CD lifecycle. This can leave an application open to an attacker. Thrive used the SOAR criteria for their search and found that Data Theorem covered all of them and more, with automated API security capabilities.
According to Gartner, the three most important capabilities of SOAR technologies are:
Threat and vulnerability management: These technologies support the remediation of vulnerabilities. They provide formalized workflow, reporting and collaboration capabilities.
Security incident response: These technologies support how an organization plans, manages, tracks and coordinates the response to a security incident.
Security operations automation: These technologies support the automation and orchestration of workflows, processes, policy execution and reporting.
The Solution
The Thrive team was impressed with how Data Theorem was able to identify data leakage that had gone undetected. They discovered that they needed API security beyond what their cloud provider prescribed to them. The automated process of creating secure code for developers, together with the ability to test different solutions by scanning before going into production, has helped them immensely, and they have expanded their use of the product to 17 users.
As we have more integrations, each new API represents another potentially unique hack into our systems. The Data Theorem platform underscores the importance of automated, daily scanning so that risk gaps can be addressed quickly.
Additionally, the Thrive team has leveraged the Data Theorem platform to help enforce corporate governance policies. When issues are found by the Data Theorem analyzer engine, not only are they automatically flagged with remediation details, but the Data Theorem support team has also acted as Thrive’s go-to security experts by providing additional information on each issue, letting Thrive know what data is at risk and how hackers can exploit these vulnerabilities.
Thrive has found tremendous improvements in their TRM security responses after implementing Data Theorem solutions. Given the current shift of many recruitment personnel and strategies to a fully virtual model, Data Theorem is vital for providing the help and support Thrive needs to evolve seamlessly toward a cloud-oriented business model. The partnership allows Thrive and Data Theorem to find a new normal in the industry and better prepare for the future.
Statistics
Apps scanned from the very first release: 100%
Critical flaws (P1 issues from the very first release): 0
Closed issues in one year: 132
The value of the platform has increased over time. We went from ‘Why do we need this’ to ‘We really need this’. It has become increasingly invaluable to the teams and continually challenges us to improve our security posture.