company-culture
Caitlin Marco
By Caitlin Marco
Posted On June 04, 2018

Customer Story: How dscout Protects Against Web Application Attacks

Case Study | Runtime Application Self-Protection | Application Security | Next Gen Cloud WAF

tCell enables dscout to bring runtime application self-protection (RASP) technology inside applications without slowing down the user experience.

 dscout, the leading SaaS qualitative research platform, deployed its next-generation cloud web application firewall. With tCell, dscout is able to protect against OWASP Top 10 type attacks with the added benefit of browser-side controls not available from traditional WAF vendors.

"When it comes to our security operations, dscout adopts a continuous improvement approach," said Nick Terkay, vice president of engineering and the head of security for dscout. "In our search for a purpose-built cloud WAF to give us the always-on protection we needed, tCell stood out as the best option to effectively monitor and defend our applications at runtime."

After moving to Heroku's Private Spaces environment, dscout began looking for an application security solution that would augment its penetration testing program with reporting in real-time. Additionally, dscout identified the need for high-performing RASP functionality that would reside inside the application without slowing the user experience or introducing bloat.

Not only did tCell meet those requirements, its next-generation cloud WAF offered a suite of features that allowed dscout to separate attack attempts from breaches. tCell enables flexible blocking rules for automatic protection against real attacks including the OWASP Top 10, cross-site scripting (XSS), SQL injection, command injection, remote command execution and account takeover. This rapid detection and response capability arms teams with visibility into active threats – dramatically reducing the time it takes to respond.

"With tCell, we added the flexibility to apply different levels of controls -- alert, block and whitelist -- based on each attack type. tCell's open architecture improved operations by allowing us to set up Slack hooks and integrate with other tools to enable efficient, lean security management," added Terkay.
tCell offers robust threat protection at the application layer for companies with continuous integration/continuous deployment environments, DevOps and microservices.

"dscout's innovative approach to consumer research is built on trust: making regular people feel confident in sharing their personal, everyday experiences of brands, services and products.  So dscout needs to know that their applications are secure from outside threats," said Michael Feiertag, CEO of tCell. "With more than 100,000 users of its app and clients across a diverse set of industries, including highly regulated ones such as healthcare, dscout required a trusted security partner to secure its web applications in real time. tCell has been able to partner with dscout to provide that critical layer of security and defend against attacks near instantaneously."