By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
18px_cookie
e-remove

Grip Security Reduces Noise by 99%

Grip Security is a security vendor that provides businesses with visibility and control over their SaaS ecosystems. They replaced their traditional SCA tool with Endor Labs to improve their ability to build trust with customers without taxing developers. Before, they wasted time manually researching reachability, slowing down developers. Now they’re able to save time and raise confidence in their AppSec program.

Grip Security is a security vendor that provides businesses with visibility and control over their SaaS ecosystems. They replaced their traditional SCA tool with Endor Labs to improve their ability to build trust with customers without taxing developers. Before, they wasted time manually researching reachability, slowing down developers. Now they’re able to save time and raise confidence in their AppSec program.

Grip Security is a security vendor that provides businesses with visibility and control over their SaaS ecosystems. They replaced their traditional SCA tool with Endor Labs to improve their ability to build trust with customers without taxing developers. Before, they wasted time manually researching reachability, slowing down developers. Now they’re able to save time and raise confidence in their AppSec program.

Written by
A photo of Jenn Gile — Director of Product Marketing at Endor Labs.
Jenn Gile
Published on
December 11, 2024

Grip Security is a security vendor that provides businesses with visibility and control over their SaaS ecosystems. They replaced their traditional SCA tool with Endor Labs to improve their ability to build trust with customers without taxing developers. Before, they wasted time manually researching reachability, slowing down developers. Now they’re able to save time and raise confidence in their AppSec program.

Grip Security is a security vendor that provides businesses with visibility and control over their SaaS ecosystems. They replaced their traditional SCA tool with Endor Labs to improve their ability to build trust with customers without taxing developers. Before, they wasted time manually researching reachability, slowing down developers. Now they’re able to save time and raise confidence in their AppSec program.

The Challenge

Inaccurate SCA results created two problems: wasted time and developer inefficiency. Individuals had to choose between upgrading a package (and entering dependency hell) or waiting for DevOps to investigate.
- Idan Fast, co-founder and CTO @ Grip Security

Grip Security is a security vendor that provides businesses with visibility and control over their SaaS ecosystems. This helps security teams understand how company data is being used across SaaS applications, identify potential risks, and enforce the right security policies. Application security is an especially important part of their strategy because, as with other security vendors, the security of their tool is critical for building trust with customers.

The role of software composition analysis (SCA) in their AppSec program is to reduce breach risk, establish trust in their compliance posture, enable them to quickly respond to questions about vulnerability management SLAs and demonstrate how they reduce the possibility of a security incident. To balance security needs with developer productivity, they required an SCA that identifies packages with security or licensing issues and has a very low false positive rate.

Unfortunately, they realized the incumbent SCA tool wasn’t helping them meet those goals because it marked lots of findings as reachable but in fact they were unreachable in the context of their application. They frequently blocked the use of a package based on these results, but after looking into the details our DevOps team would learn there was no exposure.  

Inaccurate SCA results created two problems:

  • Wasted time: Manually evaluating findings to confirm reachability took time away from other tasks the DevOps team needed to perform

Developer inefficiency: Individuals had to choose between upgrading a package (and entering dependency hell) or waiting for DevOps to investigate, when in most cases they could have proceeded with the original package

The Solution

Difficulties with upgrading dependencies is one reason it’s important for our SCA tool to be highly accurate; upgrading dependencies is time-consuming and difficult, so we want to be surgical in what gets upgraded.
- Idan Fast, co-founder and CTO @ Grip Security

Grip Security co-founder and CTO, Idan Fast, sought an SCA tool that would introduce the least amount of effort for developers. This was an important driver because developer time and productivity is at the highest premium. In looking for a new tool, he had two main requirements:

  • Accurate prioritization: How well does the tool identify exploitable vulnerabilities, and can we easily validate the findings

User experience: How easy is it for developers to use within their regular workflows

The Impact

Endor Labs delivered on its promise to make SCA way more efficient and bubble up what actually matters much quicker.
- Idan Fast, co-founder and CTO @ Grip Security

Today, Grip Security can build trust with customers without taxing developers:

  • 99% noise reduction: Their lastscan claimed 100 times more reachable vulnerabilities than their first Endor Labs scan. Call path analysis for every finding creates confidence in the tool because it shows exactly why a finding is reachable or unreachable. Without unnecessary manual triaging, DevOps and developers focus on real threats, leading to a more efficient security process.

Compliance and security reporting: The CTO can quickly and accurately report on risk when completing compliance assessments, security questionnaires, and attesting to vulnerability management practices. He uses Endor Labs to show how they detect vulnerabilities and pairs it with Jira and GitHub to demonstrate how the remediation process is governed and executed. Grip Security can stand behind SLAs and assure customers of their security.

Book a Demo

Book a Demo

Book a Demo

Welcome to the resistance
Oops! Something went wrong while submitting the form.

Book a Demo

Book a Demo

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Book a Demo