FreeAgent Case Study

How FreeAgent prevented 33 major attacks last year with Sqreen



  • Have good processes in place and manage security internally, but started to have needs beyond what they could handle in-house
  • Looking for a top-notch application security solution that was better than a WAF
  • Their physical infrastructure isn’t common, and they needed a solution that could work with their environment


  • Sqreen provides FreeAgent with an Application Security Management (ASM) solution that provides better and deeper coverage than a WAF can offer
  • Sqreen’s ASM platform provides them with peace of mind due to its protection capability and deep integration with their alerting environment


  • Over the past year, Sqreen has blocked 33 major incidents for FreeAgent
  • Sqreen blocks an average of 6 attacks per day with no false positives
  • Flexible and powerful Playbooks and modules enable FreeAgent to protect against the exact scenarios they want to handle.
  • FreeAgent has peace of mind around application security with the knowledge that they have the right protection in place

Founded in 2007, FreeAgent is cloud-based accounting software targeted at small businesses and their accountants, predominantly in the UK. In 2018, they were bought by the Royal Bank of Scotland, but remain operationally independent. On the technical side, they have a monolithic Rails application with a MySQL backend. They are currently migrating away from hosting in UK data centers to the cloud in order to handle rapid scaling needs more effectively.

FreeAgent has a history of good security practices, even before they brought on a full-time security leader. As a security-forward company, they’ve instilled a strong culture, and have excellent physical infrastructure security in place. As they’ve started to grow their security team, they found themselves looking for external support on the application security front to keep up with the needs of their 70+ engineers.

FreeAgent's application overview
FreeAgent’s application overview

To improve their application security posture, they set out to find a web application firewall (WAF), as that was the first type of tool that came to mind in the application security space. However, during their research, they came across runtime application self-protection (RASP) solutions, and when comparing them to WAFs, felt that WAFs came up short. The detailed insights into application vulnerabilities and faster times to remediation compared to what WAFs could offer were a big driver for going with a RASP. They found WAFs to be less reliable, easier to bypass, less detailed, and lacking in coverage when compared to RASPs. As a result, they decided that a security solution with a RASP element was a much better fit for their needs.

They set out to evaluate RASP vendors and were unable to find anything in the market that matched what they were looking for. Then they found Sqreen.

One of the first things that jumped out to the team about Sqreen was the ease of setup and use. Installing Sqreen was super easy – just a matter of adding a gem into their app. This gave them the confidence to explore and experiment with the product, since it was something they could add and remove with ease, rather than something that required a lengthy setup process.

Installing Sqreen in Ruby
Installing Sqreen in Ruby

An area of concern for them was around the specifics of their environment. Their physical infrastructure setup was not common, as they used an unusual variant of Linux that didn’t include some of the libraries/dependencies that other tools required in order to operate. With Sqreen, they just installed the gem and it worked straight away.

When evaluating Sqreen, they considered the potential pros and cons. One item that fell into both camps was that Sqreen was a startup. To FreeAgent, that meant that Sqreen was better positioned to understand their needs and move at their pace, but also came with the risks that any startup has. It was Sqreen’s self-service that won them over in the end. They tried Sqreen’s free trial, installed a gem, and that was that. There was no big rip-and-replace like some other security vendors required, and no consultants needed for setting it up.

One thing I appreciated right away with Sqreen was their support. It’s just fantastic all the way down. They were super responsive during our onboarding, and I felt like we could rely on their help whenever we needed it.

Richard Grey, Head of Information Security, FreeAgent

Seeing benefits: how FreeAgent uses Sqreen

With Sqreen up and running, FreeAgent quickly saw the benefits. Sqreen integrated seamlessly with their alerting environment in Slack, cutting out the need to sit in front of the dashboard and keep an eye out for attacks. When the first attacks did come in, Sqreen responded immediately and left them with a feeling of peace of mind around their application security.

The main benefit to me is peace of mind. With Sqreen, I know we have the right protection in place for our application, so we can focus on getting increasing levels of security value through advanced features like customized Playbooks.

Richard Grey, Head of Information Security, FreeAgent

FreeAgent gets a lot of value from diving into the advanced features of Sqreen, particularly around Playbooks. One example of how they leverage Playbooks is in their approach to advanced business logic threats. They’ve created some Playbooks to set thresholds for core business functionality to identify patterns of abuse. FreeAgent offers a free trial, and they use Sqreen to see if people sign up for a trial and head straight towards particular areas of the product in attempts to abuse them or commit attempted fraud.

Playbooks in Sqreen
Playbooks in Sqreen

Risk profiles in Sqreen’s User Monitoring dashboard help FreeAgent proactively reach out to users if they think there’s a potential problem with their accounts. Account Takeover (ATO) attacks happen with some frequency, and Sqreen empowers them to be able to monitor user accounts for these attacks and let impacted users know if any malicious activity is suspected.

Another area of benefit for FreeAgent is around application visibility. With a monolithic Ruby application, they have a good understanding of their environment, but not always around their dependencies. Sqreen provides early visibility into vulnerable dependencies to compliment their automated dependency alerting setup.

Dependency management in Sqreen
Dependency management in Sqreen

Getting results: monitoring and blocking attacks with Sqreen

Over the year that FreeAgent has had Sqreen set up in their environment, they’ve logged and handled 33 major attacks. Each day, Sqreen blocks an average of 5-6 attacks for FreeAgent in real time, and provides monitoring and remediation capabilities for many more.

With Sqreen, we’ve been able to deal with some major attacks with ease over the past year. On top of that, the number of false positives is negligible, if not zero, which is a fantastic benefit. I know I only have to spring into action if it’s merited!

Richard Grey, Head of Information Security, FreeAgent

Today, as they’ve started to scale security, one of the actions FreeAgent has taken is to leverage Sqreen to serve more of the company’s security requirements. Sqreen helps FreeAgent prioritize and support their 70+ devs with just a small security team. Another layer to the defense-in-depth approach, Sqreen is helping FreeAgent to build a strong and resilient security environment.


Request a demo to learn how Sqreen can help you protect your apps, APIs, or microservices.

Protect your SaaS application today

Get continuous security monitoring and protection for your apps without false positives.

Get Started For Free
Transparent security is here Scale your application security without impacting velocity Try Sqreen Today