Case study

Global Commercial Real Estate Services Company Improves Security and Compliance

The company

A publicly traded global commercial real estate services firm with nearly $10B (USD) in annual revenue

  • Industry: Real Estate Services
  • Geography: Global
  • Employees: 50,000+
  • Products Supported: PeopleSoft

The challenge

The Client offers commercial real estate services for companies and investors in 60 countries, providing a wide variety of technology-driven solutions and services as well as relying on technology to manage company business.

Security teams at most large organizations are tasked with keeping aging but mission-critical platforms secure and fully functional. That often means continuing to operate a software platform well beyond the end of the vendor's public support or relying on prohibitively expensive vendor support contracts.

At some point, vendor patches for out-of-public support platforms are no longer available. That leaves companies increasingly vulnerable to attack and at risk of being found to be out of compliance with government, industry, and company regulations and policies.

That’s the place where the Client found itself in early 2020. Relying on an aging PeopleSoft platform, the Client was faced with known deserialization vulnerabilities, but few options for securing the platform, and all of them were time-consuming and expensive.

Facing a long and costly traditional “find & fix” vulnerability management process, the Client contacted Waratek to evaluate the company’s Secure compiler-based runtime application security solution.

The solution

The Client came to Waratek to help address known deserialization issues using the company’s unique ARMR compiler-based security rules that can be applied without source code changes while vulnerable applications continue to run. The Client applied additional rules to address other common exploits such as Process Forking, XSS, Path Traversal, and SQLi, as well as rules to harden the app to prevent unnecessary file reads, writes and network access by 3rd party machines.

After installation, the Client determined that all critical and high vulnerabilities were remediated. The time from first conversation to full protection in live production was eight business days.

Waratek Secure offers “always on” security protection against threats in the OWASP Top 10 and SANS 25, and against zero-day attacks. Offering instant protection, Waratek Secure installs in minutes and doesn’t require code changes or routine tuning. Best of all, Waratek Secure has an ultra-low performance impact and will never produce false positives – ever.

Securing your applications from the most common vulnerabilities like cross-site scripting (XSS), SQL injection, and insecure deserialization has never been faster or easier. Using Waratek Secure, powered by the compiler-based ARMR Security Platform, there is no need for direct interaction with the application code. No prior knowledge of the application is required, and there is no recompilation or restart necessary. Security is provided for the entire application stack, including third-party libraries and open source components.

“As a Public company, protecting our enterprise applications is a high priority and Waratek has played a significant role in achieving that goal.”

The results

Zero-day protection
Coverage of OWASP Top 10 and SANS 25
Reduction in false positives

Waratek's Security-as-Code platform not only found the cryptominer we had, but securely removed it within 48 hours, stopping us from having to rebuild our solution from scratch.
