OneTrust Uses Oligo to Build Customer Confidence & Save Developers Time

Finding Signal in Noisy CNAPP and SCA Results

For OneTrust, defense-in-depth required a tool that could cut through the noise and help keep its teams focused on the security alerts that matter the most, without any compromise to OneTrust’s risk.

“Many vulnerability tools, especially CNAPPs, are very noisy. It takes a lot of analysis time to identify the real security risk,” said Joe Sanders, Sr. Director of Product Security, OneTrust

To help prioritize findings, OneTrust reached out to Oligo.

The Oligo Application Defense Platform cuts through the noise of CNAPP and SCA tools by observing all application components directly in runtime—enabling unprecedented visibility into which components are loaded and executed.

Unlike tools that prioritize results based on algorithms that make estimations of risk, the Oligo platform observes risk exposure directly, with proof of vulnerable functions or libraries being executed. This enables companies like OneTrust to drive further value by demonstrating vulnerability context for customers and offering assurance that issues are already fixed

After deploying the Oligo Application Defense Platform, OneTrust saw immediate value from the runtime visibility, allowing security and development to see which dependencies are and are not loaded or executed in production. “This allowed us to take a more risk-based approach and focus on fixing what is actually important,” Sanders said.

In addition to helping developers manage the security issues backlog, OneTrust also found that thanks to its zero-day response capabilities, the Oligo Application Defense Platform enabled them to rapidly take action. 

“With Oligo, we know almost immediately if there is something we need to address, and if so, we can take rapid and precise action,” Sanders said. Granting particular peace of mind: Oligo’s capabilities to identify whether a dependency zero-day is present and executed in any application.

An unexpected benefit of the Oligo Application Defense Platform: real time SBOM capabilities. “With Oligo’s assistance, we now deliver a more robust SBOM with each release,” said Sanders. “This enhances our transparency to customers and our ability to meet contractual obligations more effectively."