Insurance Case Study
Introduction
Privacy and security of customer data are paramount for insurance institutions in building and sustaining both customer trust and compliance. This case study delves into the successful implementation of Bright Security’s Dynamic Application Security Testing (DAST) solution by a North America-based, top 5 global insurance provider. By adopting a dev-centric DAST solution, the company automated the detection and remediation of vulnerabilities early in their Software Development Life Cycle (SDLC), empowering more than 15,000 developers with a direct scan platform.
Background
As a major player in the global insurance market, the company operates more than 50 worldwide subsidiaries, with more than 10,000 applications and APIs, across numerous territories and languages, supporting various and sometimes conflicting governmental restrictions, regulations and compliance requirements. Recognizing the potential risks associated with application vulnerabilities, the company sought a solution for early detection and remediation while automating the entire process within their existing software development process, across every business unit.
Solution
To achieve their integrated development and security goals, the organization chose Bright Security’s enterprise DAST solution. Bright automates scans, reporting, and the entire vulnerability management workflow, offering an efficient and effective security approach. Leveraging Bright’s extensive API library for streaming and integrations, the company deployed multiple enterprise-grade API scripts, further customizing and streamlining the workflow. It also made use of Bright’s unique 24/7 human-staffed engineering and support teams to ensure worldwide delivery and success across their enterprise.
Implementation
The implementation commenced in 2024, seamlessly integrating the tool into multiple development CI/CD pipelines. During 2024, the insurance provider onboarded hundreds of their most critical and sensitive customer-facing applications and teams onto the Bright Platform, conducting roughly 1000+ scans per month. After reliable and robust success and scaling throughout 2024, the company set an ambitious goal to onboard all applications and all subsidiaries into Bright by the end of 2025. During 2025, the organization has grown their monthly scan volume by 100% each month, and remains on target for their complete adoption by year end, relying on the platform stability and reliability of Bright, and their high level of satisfaction with Bright’s solution and services to scale to whatever size is required with additional acquisitions and business development in new markets.
Results
Monthly DAST testing and vulnerability remediation is now a mandatory security practice integrated into their ongoing development process. Consistent DAST testing eliminates the previous need to wait months for third-party security testing or to run infrequent DAST scans with a more limited scope. Using Bright, the company was able to prioritize valuable security testing throughout the development life cycle, and revamped their vulnerability management practices as a result. The company now conducts an average of 800 scans per day and plans to triple their engagement, adding new business groups and subsidiaries in the immediate future. The provider was able to reduce vulnerability detection and remediation time by more than 75% by implementing Bright’s solution.
Conclusion
This case study highlights the significant benefits of Bright Security DAST for one of the world’s largest insurance providers. The adoption of Bright enhanced the security, compliance, speed and efficiency of their development processes, enabling the company to stay ahead of the vulnerabilities and resulting threats that can endanger application environments and their overall business.