How productboard is moving closer to SOC 2 compliance with Sqreen
- productboard wanted to achieve SOC 2 compliance and needed a security solution to fulfill several of the necessary controls
- They wanted to gain visibility into their application’s security and block attacks automatically
- With a small security team, they wanted a security partner and an easy-to-use solution that could integrate with their production application and software development lifecycle
- Sqreen’s Application Security Management platform helps them satisfy compliance needs in four categories
- Sqreen delivers real-time alerting and blocks security incidents inside their application
- productboard has been able to check boxes in four SOC 2 categories since implementing Sqreen
- productboard now blocks many attacks, including 2-3 critical attacks per day
- productboard has integrated Sqreen into their development and alerting environment, making their developers more productive and secure
Founded in 2014, productboard is a leading product management system, helping product teams get the right products to market faster. They are split between San Francisco and Prague, with over 150 employees worldwide. On the technical side, they are fully cloud native, as a SaaS solution running on AWS. Their backend is Ruby on Rails, with a React frontend, and they deploy microservices in Node.js.
As they grew towards Series B and began working with larger customers, the security team organized around the goal of becoming compliant with SOC 2 and other major security frameworks. They set out to find a tool that would enable them to detect and prevent any suspicious activity in their application, as well as keep track of new vulnerabilities.
Prior to undertaking this search, they were struggling to understand what the day-to-day attacks on their platform were. They wanted to gain visibility into the security of their application and be able to detect and block the attacks and malicious requests that targeted their platform.
They set out to find a security solution that could meet their compliance and security needs. They started their search with some of the well-known SIEM tools but found them too big and complex for their current stage, and significantly more expensive than desired. At this point, they expanded their search to other application security tools and found Sqreen.
Productboard tested Sqreen and quickly saw that not only did it meet their compliance needs, it delivered much more. Security and compliance were the main reasons for this search, but the visibility and monitoring capabilities that Sqreen brought were a huge bonus. As a small team that's scaling fast, they didn't have to worry about security issues cropping up, because Sqreen was monitoring for them. They could fully rely on the Sqreen platform, giving them peace of mind.
The developer team was a key stakeholder in the decision. Beyond a tool to meet compliance needs, they wanted something highly usable and intuitive. Sqreen’s user experience (UX) helped convince the developer team of its value. The intuitive UX, along with the ability to integrate with different SDKs, made it easy to embed Sqreen into existing developer workflows.
The team decided to go with Sqreen, and they have seen fantastic results across the board. On the compliance front, Sqreen was able to help productboard across four different areas:
- Asset inventory: Sqreen’s App Inventory helps them understand their application assets and check boxes in this section.
- Change management procedures: Sqreen monitors and scans their applications in development. Every single change becomes a separate application deployed and hosted in their cluster, and each of these applications is protected by Sqreen.
- Incident management: Sqreen is productboard's main tool for this area of compliance. They've fully integrated webhooks with Sqreen incidents, which send events to their Opsgenie management tool. Whenever there's an incident, Sqreen alerts the security manager immediately.
- Access management: Sqreen supports SAML/SSO protocols, which contributes towards their access management compliance needs.
For application and product security, Sqreen protects productboard’s applications from attacks, delivers real-time notifications and alerting for unexpected behavior, and helps them tackle business logic threats through flexible Playbooks.
A key benefit of Sqreen is the real-time alerts for unexpected behavior or requests. We love that we can have these alerts across all the different languages that make up our applications.
Mario Kamburov, Security Engineer, productboard
For protection, productboard blocks attacks and subsequently blocks the IP addresses of attackers to prevent further instances. Bots use scanners to find vulnerabilities and overload productboard's platform every day, and Sqreen blocks these botnet attacks. Of these attacks, 2% are more complex, while 98% are standard botnets.
In a single day, we have 2-3 different complex attacks, such as scans + discovery + SQL injection attempts. Sqreen not only lets us see that these are happening, but also blocks them. We have the fine-grained control to dictate our response with Sqreen too. For the more aggressive attacks, we can block the IP address forever, while we can respond with temporary pauses for more basic ones.
Mario Kamburov, Security Engineer, productboard
With a security solution in place that not only gives them great visibility into their application security, but also monitors and protects against attacks, all while moving them closer to full compliance with SOC 2, productboard is looking forward to diving into Sqreen’s more advanced features in the future.