NinjaCat + Sqreen Case Study

Protecting applications with a modern security partner: why NinjaCat chose Sqreen

Summary

Challenges

  • NinjaCat wanted to work with larger customers with greater security and compliance needs
  • Their business requirements demanded an agent-based application security solution
  • With a small security team, they wanted a security partner and an easy-to-use solution

Solution

  • Sqreen’s Application Security Management platform has given them unprecedented levels of visibility and insight into their applications
  • Sqreen Playbooks gives them the flexibility and control to protect against advanced business logic threats

Results

  • NinjaCat has had no false positives while blocking attacks ever since they started with Sqreen
  • Since implementing Sqreen, they have gotten top marks on their clients’ security questionnaires
  • NinjaCat has seen the best time-to-value of any security solution they’ve experienced
  • NinjaCat has a true security partner, with transparent communication and support




Founded in 2012, NinjaCat is a SaaS solution for marketing analytics reporting and monitoring. They are a 100% remote company with 60+ employees around the US. On the technical side, they operate in AWS, and have a largely PHP-based application, primarily in Laravel, which handles a couple hundred million requests per month. They also use some Node.js and Python for certain aspects of their environment. NinjaCat has a white labeling element to their product. They partner with enterprises and agencies for white labeling, which creates interesting technical demands around SSL and certifications.

NinjaCat does a lot of data storytelling, which uses aggregated analytical data. This means they don’t hold any PII. As they work more and more with agencies and enterprises, they wanted to increase their focus on security and compliance.

NinjaCat's website

With a push towards security in mind, they ran a gap analysis and started to improve their security posture across the board. As they filled the gaps they identified, one of the last large pieces that remained was a security solution to protect their applications. So they set out to find a solution that matched their particular needs.

One of the key needs NinjaCat had when they started looking for a security solution was that it be agent-based. Since white labeling is an element of their business and they’ve set up their infrastructure to support it, a traditional reverse proxy WAF solution wasn’t a workable option. A traditional WAF would have interfered with their business model and infrastructure on a technical level. With this factor in mind, NinjaCat set out to find an agent-based WAF.

User monitoring in Sqreen

It was at this point that NinjaCat found Sqreen. Unlike some of the other options they had explored, Sqreen offered a RASP component to their protection in addition to the agent-based WAF functionality, giving multiple layers of security protection. The deeper coverage and enhanced protections stood out, as having a RASP and WAF together meant that NinjaCat could leverage patterns and rules where that made sense, and ensure that they blocked attacks in real-time where that made sense. They trialed Sqreen and quickly saw how well it matched their needs.

“Once I started playing with [Sqreen], I saw that it was exactly what I wanted. The advanced features like user monitoring and playbooks provide a level of insight I’ve never had in any product or application in the past.” – Ronnie Pisani, CIO, NinjaCat

To evaluate Sqreen against the other next-gen WAF options they were considering, they ran a full suite of comparative testing. Sqreen matched or exceeded key security functionalities like vulnerability management and threat detection, and Sqreen’s in-app context brought in new functionality that other solutions couldn’t offer, like synchronous attack blocking without false positives, and full user context around an attack. Additionally, Sqreen won top marks on ease of use and installation. The choice was clear.

“With some other vendors, I felt like a number. With Sqreen, the team was phenomenal. Their culture was completely aligned with ours. All of our conversations were focused on solving problems and how we can partner together. It was a breath of fresh air.” – Ronnie Pisani, CIO, NinjaCat

As they moved forward with Sqreen, NinjaCat was able to get up and running quickly. They were able to get the SDK implemented and write a custom playbook with one developer and a few hours of time. The Playbooks are a big benefit for NinjaCat. They enabled the default Playbooks that fit their use cases and designed a few custom ones. For example, they have a segment of their product that consists of dashboards that are public to their clients’ clients. They are able to use Sqreen to capture that specific event and monitor it, so they can write a Playbook to protect those dashboards.

“Sqreen’s dashboards and ability to get set up and running quickly really stood out to me. The PHP SDK was seamless. There was just one thing to install. What Sqreen brings on the RASP and SDK side is something I’ve never seen before. No product goes as far in my experience.” – Ronnie Pisani, CIO, NinjaCat

With Sqreen in production, NinjaCat started seeing results. They began blocking attacks for the first time, and have been able to investigate things at a much deeper level than they were able to prior to having Sqreen. The user monitoring and Playbook functionalities have brought new levels of visibility and insight for the team. Once they started blocking real-life malicious requests with Sqreen, the key stakeholders in NinjaCat were quickly convinced of the value.

“The time-to-value with Sqreen has been outstanding. I’ve worked with a huge number of WAFs and other security products in the past, and Sqreen has the best onboarding I’ve seen. We recently hired a new member to my team, and he’s been able to jump into Sqreen right away and get onboarded quickly. We haven’t had to spend months teaching Sqreen our environment or setting up complicated rulesets.” – Ronnie Pisani, CIO, NinjaCat

With any growing company, finding ways to scale becomes a primary focus. The team has worked hard on having an autoscaling infrastructure to support their growth, but that means they need to have autoscaling security. A problem with a traditional WAF is that funneling the entire load to a single asset or even a cluster makes scaling significantly more challenging. With Sqreen, any new web servers that NinjaCat spins up automatically have a new Sqreen agent ready to go. On top of that, Sqreen is inside their edge, so the team doesn’t have to worry about figuring out how the security will work with the particular load that comes with each new client they bring on.

“Sqreen is on autopilot now for me. We haven’t had a single false positive since we implemented it. I’m able to stay on top of our application security situation through email and Slack alerts, which frees up a lot of time for me to work more closely with our developers. Sqreen’s clarity of presentation supports me in educating our developers on security topics as well, so it’s been fantastic all the way around.” – Ronnie Pisani, CIO, NinjaCat

With one of the last major elements of their security gap analysis now settled, the NinjaCat team is working with larger and larger clients. With Sqreen in place, they’ve started getting top marks on security questionnaires from some of the largest clients they’ve ever worked with. Most recently, they’ve been working with their largest client ever, and just got the best score that client has ever given on security. With a strong product and strong security, NinjaCat is ready to take on the future.
