CASE STUDY | Industry: Trust & Privacy Platform

OneTrust Uses Oligo to Build Customer Confidence & Save Developers Time

Founded: 2016
Employees: 2300
Developers: >500
HQ location: Atlanta, GA
“Oligo is a weekend saver. When there’s a zero day, it feels like it’s always on a Friday. With Oligo, we can see right away what is actually affected and make a decision about what to do.”
Robert Kugler
Joe Sanders
Sr. Director of Product Security

OneTrust builds the platform that simplifies trust transformation across privacy, security, and ethics – so companies big and small can collaborate seamlessly and put trust at the center of their operations and culture.

The Challenge

Finding Signal in Noisy CNAPP and SCA Results

For OneTrust, a global leader in privacy, security, and data governance software with over 500 developers working worldwide, defense in depth requires multiple security tools. However, as VP of Information Security Igor Zavulunov enhanced OneTrust’s ability to see vulnerabilities, a new problem emerged: knowing which alerts from the new tools actually mattered.

“Many vulnerability tools, especially CNAPPs, are very noisy,” explained Joe Sanders, Sr. Director of Product Security at OneTrust. “It takes a lot of analysis time to identify the real security risk.” Igor added: “And of course, our customers hold us to the same standard. If we can see it, they can see it.” To prioritize findings that posed real risk of exploitation by attackers, OneTrust reached out to Oligo.

The Oligo Solution

The Oligo Application Defense Platform cuts through the noise of CNAPP and SCA tools by observing all application components directly in runtime—enabling unprecedented visibility into which components are loaded and executed.


“It really helped us reduce the workload that developers were taking on,” said Zavulunov. “Oligo also helped us look at where the issues were coming from on the application side, so we could actually go back and remediate the root issue.”

Results & Benefits

Within two weeks of starting to deploy the Oligo Application Defense Platform, OneTrust found 75 percent of its dependency vulnerabilities were not executed, which allowed it to prioritize the discovered vulnerabilities that were executed in runtime. “This allowed us to take a more risk-based approach and focus on fixing what is actually important,” Zavulunov said.

In addition to helping developers manage the security issues backlog, the Oligo Application Defense Platform also proved, thanks to its zero-day response capabilities, to be “a weekend saver,” according to Sanders.


“When there’s a zero day, it feels like it’s always on a Friday,” he said. “With Oligo, we can see right away what is actually affected and make a decision about what to do.” A particular source of peace of mind for OneTrust is Oligo’s ability to identify whether a dependency zero-day is present and executed in any application.

Why Oligo?

In addition to the immediate benefits the Oligo Application Defense Platform provided to OneTrust, Zavulunov is also excited about the future of the product.


“Oligo is now presenting an option to be a sort of antivirus for product security,” he said, referring to the new Application Detection & Response capabilities in the Oligo platform. “That’s not something I’ve really seen in the industry, and I would really like to leverage it, because it gives us the opportunity to block malicious package vulnerabilities even when there is no proper patch or fix available.”

Zero in on what's exploitable

Oligo helps organizations focus on true exploitability, streamlining security processes without hindering developer productivity.