CASE STUDY
Major European transportation company secures application portfolio with CAST Highlight
Client is a leading European public transportation company known for its extensive high-speed rail network, commuter services, and freight operations.
CAST Highlight enabled a significant reduction in security risks and the presence of obsolete software components, raising the resiliency of clients' software systems and teams' agility.
With all our partners involved in the development and maintenance of our business-critical applications, CAST Highlight plays a central role in monitoring and enhancing our open-source security.
Project Leader
114 applications
onboarded in just
two weeks and integrated
into the CI/CD
Challenge
The firm has a diverse portfolio of custom software applications that leverage open-source software (OSS) components, and they needed a better way to enhance security and control obsolescence to reduce operational risk.
Historically, the firm was managing security issues on a reactive basis which would often disrupt product roadmaps and increase the likelihood of experiencing a severe cyberattack. With a major project deadline approaching, it became imperative for the client to proactively address these issues to safeguard its critical IT infrastructure and ensure operational continuity and resilience.
They needed concrete visibility on the security and obsolescence risks across their applications.
Solution
The firm decided to deploy CAST Highlight as an open source ‘control tower’ and perform automated Software Composition Analysis (SCA). For each line of business, the most business-critical applications were automatically analyzed, allowing the client to monitor evolution and trends at the portfolio level without interrupting the development team. Issues identified by CAST Highlight such as security vulnerabilities and obsolete components are integrated into the development process for remediation. Progress and trends are monitored at the company level, providing a global view of all applications across the organization.
Each year, the client integrates additional applications into its control tower, continuously enhancing its security posture and proactively managing obsolescence.
Results
CAST Highlight was operational across 114 applications in a matter of two weeks and then integrated into the client’s CI/CD pipeline to automate insights delivery. The insights provided have been incredibly transformative for the organization.
CAST Highlight has effectively raised the organization’s awareness of OSS risks, helping them to monitor and address the health, obsolescence, and security of their applications. Their teams have aggressively adopted the CAST Highlight insights and integrated them into their standard processes.
As a result, the firm has experienced a significant reduction in security risks and the presence of obsolete software components. Consequently, their software systems have become more resilient, and their teams more agile.
