About Softcat
Founded in 1993, Softcat provides IT products and services from ten offices in the UK, an office in Ireland, and a branch in the US. The company also has business entities in the Netherlands, Hong Kong and Australia to support its growing multinational business.
Softcat’s 2,300+ employees support customers from around 10,000 organizations across a range of industries, including commercial, public sector, education and law. Softcat’s focus is on helping these customers procure the right IT products and services for their needs as efficiently as possible, with expertise across the hybrid infrastructure, cyber security and the digital workplace.
Challenges
Navigating growth and upholding customer trust in a digital landscape
Driven by growth in its customer base and new business initiatives, Softcat introduced new business-critical web applications, including its e-commerce platform, eCat, a vital customer tool to efficiently procure a wide range of technology and services that recognizes millions of pounds of revenue every year in transactions.
Softcat recognized that using traditional security to safeguard its web-based applications was no longer adequate as it needed a more mature and proactive approach to be fully equipped to defend against malicious attacks.
As Softcat faced potential risk of sensitive data exposure and compromise to its web- based applications, finding a solution that helped establish a clear framework for classifying and understanding API endpoints, along with assessing associated risks, became a priority.
“Reputation is everything to us. Our business is built on trust, and to retain it we must ensure the availability of our customer-facing services and keep customer data safe,” said Mark Overton, CISO at Softcat. “As we offer cybersecurity services, we also have a responsibility to lead by example and leverage best practices.”
Deployment
Fortified online defenses and comprehensive reporting capabilities
Softcat partnered with Imperva to deploy Cloud WAF and API Security to leverage its security efficacy against cyber threats with easy-to-use features that grow with their needs.
Imperva Cloud WAF works to stop attacks with near-zero false positives, leveraging a global SOC to strive to ensure that organizations are protected from the latest attacks minutes after they are discovered. Through automatic detection and classification of API endpoints, Imperva API Security for Cloud WAF enables comprehensive API visibility for security teams by providing full contextual data and tags and automatically helping to determine risks around sensitive data.
Softcat’s application owners have role-based access to Cloud WAF, providing them with an extra layer of visibility for troubleshooting application issues and helping to break down silos between teams. API Security’s user-friendly interface also helps to empower teams to enforce policies based on risk assessment in a timely manner.
“It’s quick and easy to onboard applications, and we were able to establish the right level of protection out-the-box,” said Tim Ibbotson, Security Engineer at Softcat. “The solution provides clear and concise reporting, and it’s straightforward to drill down into more detail to understand the nature and impact of potential security threats.”
Results
Greater ecommerce revenue protection and strengthened brand reputation
Softcat now protects around 25 online systems with Imperva Cloud WAF and API Security, including its ecommerce site, with more to be added in the future.
Utilizing Imperva Application Security helps Softcat to align with international security standards such as Cloud Security Alliance, Security Trust Assurance and Risk (CSA STAR), and The Open Worldwide Application Security Project (OWASP.) As Softcat strives to reduce the number of internet-exposed systems on its infrastructure and migrate more capabilities to SaaS and the cloud, Imperva provides the extra layer of protection it needs to help safeguard systems before, during, and after migration.
“With enhanced security for online applications, we can protect our revenues, customer data and service continuity. This is vital to retain our reputation, customer trust and a strong bottom line,” said Overton.
Softcat can also rely on Imperva’s support team for help if needed. “The Imperva support SLAs are fantastic, and they’ve always been able to answer our questions,” said Ibbotson. “We also find the service reviews really helpful – every month we receive an email with our security score, along with recommendations on how to fix specific vulnerabilities and improve the result.”
In addition to protecting online applications, the addition of Imperva API Security helps to safeguard Softcat’s public-facing APIs. As the majority of the applications built by Softcat require integration with third-party solutions, the development team uses Imperva API Security’s comprehensive API visibility to help protect against potential business logic attacks and other OWASP API Top Ten threats.
“With its low operational overhead and scalability, Imperva provides a practical and cost-effective security solution as we grow and evolve our business,” said Overton.
Fortified online defenses and comprehensive reporting capabilities
Softcat partnered with Imperva to deploy Cloud WAF and API Security to leverage its security efficacy against cyber threats with easy-to-use features that grow with their needs.
Imperva Cloud WAF works to stop attacks with near-zero false positives, leveraging a global SOC to strive to ensure that organizations are protected from the latest attacks minutes after they are discovered. Through automatic detection and classification of API endpoints, Imperva API Security for Cloud WAF enables comprehensive API visibility for security teams by providing full contextual data and tags and automatically helping to determine risks around sensitive data.
Softcat’s application owners have role-based access to Cloud WAF, providing them with an extra layer of visibility for troubleshooting application issues and helping to break down silos between teams. API Security’s user-friendly interface also helps to empower teams to enforce policies based on risk assessment in a timely manner.
“It’s quick and easy to onboard applications, and we were able to establish the right level of protection out-the-box,” said Tim Ibbotson, Security Engineer at Softcat. “The solution provides clear and concise reporting, and it’s straightforward to drill down into more detail to understand the nature and impact of potential security threats.”
Results
Greater ecommerce revenue protection and strengthened brand reputation
Softcat now protects around 25 online systems with Imperva Cloud WAF and API Security, including its ecommerce site, with more to be added in the future.
Utilizing Imperva Application Security helps Softcat to align with international security standards such as Cloud Security Alliance, Security Trust Assurance and Risk (CSA STAR), and The Open Worldwide Application Security Project (OWASP.) As Softcat strives to reduce the number of internet-exposed systems on its infrastructure and migrate more capabilities to SaaS and the cloud, Imperva provides the extra layer of protection it needs to help safeguard systems before, during, and after migration.
“With enhanced security for online applications, we can protect our revenues, customer data and service continuity. This is vital to retain our reputation, customer trust and a strong bottom line,” said Overton.
Softcat can also rely on Imperva’s support team for help if needed. “The Imperva support SLAs are fantastic, and they’ve always been able to answer our questions,” said Ibbotson. “We also find the service reviews really helpful – every month we receive an email with our security score, along with recommendations on how to fix specific vulnerabilities and improve the result.”
In addition to protecting online applications, the addition of Imperva API Security helps to safeguard Softcat’s public-facing APIs. As the majority of the applications built by Softcat require integration with third-party solutions, the development team uses Imperva API Security’s comprehensive API visibility to help protect against potential business logic attacks and other OWASP API Top Ten threats.
“With its low operational overhead and scalability, Imperva provides a practical and cost-effective security solution as we grow and evolve our business,” said Overton.