Rainforest Case Study

How Rainforest QA’s security team got peace of mind with Sqreen


  • No visibility into attacks or other security events on their applications
  • Rainforest needed a solution to monitor and provide visibility at the application level that could be used by a security team of one.
  • Spending a lot of time on compliance and sales requests


  • Rainforest implemented Sqreen to get application-level visibility and alerting capabilities
  • Sqreen’s playbooks gave them a way to monitor exactly the activity they wanted to track with flexible business logic customization
  • Sqreen helped them reduce the time spent on compliance requests by satisfying an aspect of vendor security questionnaires


  • Ability for one person to stay on top of the security situation of Rainforest’s applications, freeing up time to work on other pressing security needs
  • A super simple and non-disruptive set up and installation
  • Flexible protection and monitoring that they can dictate with business logic

Founded in 2012, Rainforest QA offers modern testing for web and mobile apps, changing the way QA is done in a continuous deployment world. Rainforest uses Google Cloud Platform and runs predominantly Ruby, taking care to implement a best-of-breed monitoring stack with tools like New Relic and Sentry. As Rainforest has grown and worked with larger companies, they’ve upleveled their security protection over time. With over 200 employees and a security team of one person, Rainforest needed to find a way to implement security that could scale and that could deliver reliable value for a time-constrained team.

Rainforest Website

What first prompted Rainforest QA to look at security solutions was a lingering question of how many and which users were engaged in suspicious activity within their applications. The question came up multiple times, but they never had a way to answer it. They implemented an OS monitoring tool, an infrastructure security tool, and a user behavior monitoring tool to get some answers here, but soon realized they had no visibility at the application level.

Their lack of visibility came to a head when they set out to do a pentest. The security team wanted to understand what was happening during the pentest and get indicators of compromise and vulnerabilities, but they had no way to find out this information with their current setup. It was at this stage that they set out to find an application monitoring solution. They explored a few options that were either much too expensive or were only able to offer WAF solutions that couldn’t provide the reporting, visibility, and control that they were looking for. Then they found Sqreen.

Sqreen has been super easy and non-disruptive to install and integrate into our environment. I’ve had problems with integrating other tools, so was a bit skeptical going in, but I’ve run into no issues whatsoever with Sqreen.

Nicolas Valcárcel, Security Architect at Rainforest QA

They tested Sqreen during the pentest and were extremely happy with the results. Sqreen was able to identify the pentesters and detect their attacks, giving the team rich visibility into what was going on in the application during the entire pentest. The user accounts used by pentesters were flagged as high risk and the full timeline of security incidents was highlighted. They implemented Sqreen widely after the pentest and opened up their application level visibility. With Sqreen’s Flow Map, they can even see how internal apps are interacting with each other; something they never thought possible before.

Suspicious User Detail
Suspicious user monitoring in Sqreen from the demo app

Once Sqreen was set up, the team began working with Sqreen’s playbooks. They quickly realized that they could set up reporting and visibility for specific business logic problems they were having. One early example was around users hitting a 404 error on unauthorized playbooks. They weren’t able to tell if these users were performing malicious requests to enumerate the pages or reaching them by accident. They set up a playbook in Sqreen to determine if those endpoints were returning unauthorized user errors or not, and were able to quickly get to the root cause. With this new found visibility, they could improve the quality of their applications and better protect against attackers, without having to change their APIs.

Sqreen playbooks
Sqreen playbooks

These days, Sqreen is part of the security team’s daily workflow. They keep tabs on the state of their application security and have peace of mind knowing that Sqreen will alert them should anything require their attention. Additionally, Sqreen speeds up their ability to address compliance and sales requests by fulfilling parts of many vendor security questionnaires. This frees up the team to focus on keeping security a close part of their CI/CD pipeline and maintaining tight relationships with developers and engineering managers.

Sqreen is open constantly in my browser. I check it every day and keep up with email alerts. As a one person security team, the value for me is really peace of mind. I know Sqreen will alert me when anything happens, so I can focus on the other security items on my plate.

Nicolas Valcárcel, Security Architect at Rainforest QA


To know more about Sqreen, visit our product page or request a demo for a live presentation to learn how Sqreen can help you protect your apps, APIs or microservices.

Protect your SaaS applications today

Get continuous security monitoring and protection for your apps and scale your security.

Get Started For Free
Transparent security is here Scale your application security without impacting velocity Try Sqreen Today