As a provider of cloud-based application security for hundreds of companies around the globe, Veracode deployed an advanced approach to its network infrastructure security. The security team was proud of its cybersecurity program, and they wanted to communicate their success with prospective and existing customers. To elevate their brand and to position themselves ahead of industry peers, Veracode needed a way to easily convey their security posture with customers and compare themselves against the industry.

Veracode’s visionary board of directors asked for insight into the company’s cybersecurity performance. As a result, the Chief Information Officer was tasked with sharing actionable metrics and generating reports that he could easily present to his board to help drive productive security discussions.

"Being able to show our board, leaders, and even customers and partners how Veracode is performing over time and relative to others in our space is a powerful tool for communicating our commitment to security excellence, and has also become a terrific competitive differentiator."

Bill Brown
CIO & CISO, Veracode
Veracode

Veracode uses BitSight Security Ratings for Benchmarking to objectively and quantitatively measure the company’s cybersecurity performance. With BitSight, the information security team at Veracode can continuously monitor their own cybersecurity posture and compare their performance against the industry. If any issues arise on their network, BitSight provides suggested remediation steps to help improve performance. To demonstrate their advanced cybersecurity approach, the team can then download and send their prospective customers a report of their security rating.

When the CIO presents cybersecurity to the board of directors, he uses data from BitSight to discuss security. BitSight can detect a variety of risk vectors, including compromised systems, data breaches, diligence data, and user behavior, and displays dynamic reports that highlight changes and trends in security ratings over time.

Convey the company’s cybersecurity success and share with prospective customers

Convey the company’s cybersecurity success and share with prospective customers

Compare security posture against an entire industry or individual companies

Compare security posture against an entire industry or individual companies

Use metrics to communicate security performance to the board of directors

Use metrics to communicate security performance to the board of directors

Continuously monitor cybersecurity and identify key trends

Continuously monitor cybersecurity and identify key trends

BitSight Security Ratings for Benchmarking enable Veracode to continuously monitor the security of their network infrastructure and quickly identify issues that require attention. If the security team identifies an issue, they can view suggested remediation steps to help improve performance. Veracode uses BitSight to gain metrics around compromised systems, data breaches, open ports, peer-to-peer file sharing activity, and other critical risk vectors. Since BitSight displays twelve months of data, the company can quickly identify trends and assess the success of any security initiatives.

Veracode takes a proactive approach to cybersecurity by sharing a report of their BitSight Security Rating with prospective clients, which helps them establish trust with each client. “As the leading application security company, we take our own security performance very seriously and see it as a critical element in our reputational risk management strategy,” says Bill Brown, CIO and CISO at Veracode. “Being able to show our board, leaders, and even customers and partners how Veracode is performing over time and relative to others in our space is a powerful tool for communicating our commitment to security excellence, and has also become a terrific competitive differentiator.”

The CIO and risk management teams trust the accuracy of the ratings and leverage metrics from the platform to drive critical business decisions. With BitSight’s dynamic reports, actionable data, and continuous performance indicators, Veracode has been able to effectively communicate to its internal and external stakeholders the progress and value of the company’s information security program.

Veracode is an application security company headquartered out of Burlington, Massachusetts. Founded in 2006, the company is a leader in securing web, mobile and third-party applications for the world’s largest global enterprises. By enabling organizations to rapidly identify and remediate application-layer threats before cyber criminals can exploit them, Veracode helps enterprises speed their innovations to market – without compromising security.

Veracode’s cloud-based platform, deep security expertise, and systematic, policy-based approach provides enterprises with a scalable way to reduce application-layer risk across their global software infrastructures. The company serves hundreds of customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks, and more than 20 of Forbes’ 100 Most Valuable Brands.