Security Alarm System Leader Streamlines Application Security

A leading security alarm and monitoring provider has been a trusted name in home and commercial security for over 150 years. The company started with early telegraph-based security systems and has since evolved into a modern leader in both residential and commercial alarm services. With around 17,000 employees, nine monitoring centers, and more than six million customers across over 200 locations in the U.S., they’ve built a solid reputation in the security industry. However, keeping such a large operation secure in the digital age requires constant effort, especially when managing cybersecurity threats across an expansive digital infrastructure.

The company has a team of over 100 developers working on security across 750 repositories. Their security team includes experts in static application security testing (SAST), software composition analysis (SCA), and cloud infrastructure, and they collaborate closely with the governance, risk, and compliance (GRC) team. This collaborative team works to maintain a secure environment for both their employees and their millions of customers.

Despite all the resources and talent at their disposal, the security team faced a significant challenge. They were using several different tools to manage security vulnerabilities, which resulted in a noisy and often confusing data stream. With so much data coming in, it became difficult to sort through false positives and inconsistent information. Tools that used Common Vulnerability Scoring System (CVSS) ratings didn’t provide enough context about how vulnerabilities could be exploited or what business impact they might have. This lack of clarity made it difficult for the security team to prioritize risks effectively. 

Additionally, the customer needed tighter integration with their project management tools, Jira and ServiceNow, where they tracked security issues and managed multi-level approval processes for exceptions. While they had tried other solutions in the past, those options were too limited, too complex, or simply too expensive to meet their needs.

From the first evaluation, the customer was impressed by AppSOC's ability to offer a complete solution. AppSOC provided everything they needed on a single dashboard, allowing the team to view all their security data in one place. This was a big improvement over the fragmented view they had been using before. On top of that, the AppSOC team was incredibly responsive to the company’s needs, customizing their platform to fit the customer’s specific requirements. According to the Director of DevSecOps, AppSOC "provided everything we needed in one place."

One of the biggest advantages of AppSOC was its ability to consolidate data from all the customer’s different tools into a single, comprehensive dashboard. This meant that the security team could easily prioritize, and correlate security issues based on actual risk, not just on severity scores. AppSOC took the analysis further by incorporating exploitability intelligence using the Exploit Prediction Scoring System (EPSS), as well as additional business context. This combination allowed the customer to prioritize issues more effectively and focus their attention on vulnerabilities that posed real threats to the business.

Another key feature that made a difference for the customer was AppSOC’s automation. Not only did the platform collect and analyze data, but it also automated workflows and synced seamlessly with Jira and ServiceNow. This was particularly valuable when dealing with exception management, where approvals from multiple levels of management were needed. AppSOC’s Exception Management tools made the approval process smoother and faster by enabling multi-level approvals for a range of managers and stakeholders.

‍

It wasn’t just the platform’s features that made the difference, but its simplicity and ease of use. AppSOC’s Executive Dashboards were a hit with the company’s leadership team because they provided a clear, high-level view of the organization’s security posture. This allowed management to understand the company’s risks and how the security team was mitigating them. The platform’s bidirectional integration with Jira also made it easier for the security team to track and manage issues without jumping between different systems.

Before choosing AppSOC, the customer had tried other solutions, including those from their existing tool vendors and other application security posture management (ASPM) platforms. However, none of these alternatives offered a complete, integrated solution like AppSOC. The other tools were either incomplete when it came to application security and vulnerability management, or they were too difficult to implement and maintain. Some were simply too costly to justify.

AppSOC stood out not only because of its comprehensive approach but also because of its flexibility and compatibility with the customer’s existing tech stack. The company used a variety of tools for their security needs, including Rapid7 for SAST, Checkmarx for Infrastructure as Code (IaC) scanning, Crowdstrike for Cloud Security Posture Management (CSPM), and Bitbucket for CI/CD. AppSOC integrated with all these systems seamlessly. It also integrated with Qualys for vulnerability management (VMDR) and worked perfectly with the customer’s IT management tools, such as Jira for issue tracking, Okta for single sign-on (SSO), and ServiceNow for incident response.

But the real game-changer was the relationship that AppSOC built with the customer. They weren’t just selling a one-size-fits-all platform; they worked closely with the company’s security team to understand their unique needs. The AppSOC team listened to feedback and continually customized their platform to meet those needs, making the security team feel like they were building the solution together. This collaborative approach was a significant factor in the customer’s decision to go with AppSOC.

Today, the security customer is much better equipped to handle its security challenges. With AppSOC’s comprehensive and automated approach, the security team can now focus on the real threats to their business without getting bogged down in false positives or inconsistent data. The platform’s ease of use, intelligent prioritization, and seamless integration with existing systems have saved the team time and improved their ability to manage risks.

In an industry where security is paramount, the home and commercial security company can now rest assured that they have the right tools and processes in place to protect their customers and their business. Thanks to AppSOC, they’ve streamlined their operations and gained greater visibility into their security posture, setting themselves up for success in the constantly changing world of cybersecurity.