Soldo Delivers More Secure Digital Interactions and Boosts Customer Satisfaction with Dynatrace

Soldo, Europe’s leading spend management platform, offers organizations a simple, automated way to delegate, control, and track expenses for employees and departments, and helps finance teams manage budgets with real-time visibility over company-wide spending. To accomplish this Soldo requires maximum uptime and performance of its software so customers can access it from anywhere and at any time.

Its platform is built on a complex cloud-native technology stack, running in AWS and leveraging a Kubernetes-based architecture. Soldo also uses open-source code and adheres to agile and secure delivery practices to drive continuous innovation and align with strict financial services industry regulations.

Given the speed at which its dynamic cloud environment changes, and the prevalence of open-source code in its applications, Soldo needed to reduce the risk of vulnerabilities in its production environment, to keep its customers’ data and transactions secure. Achieving this was previously a challenge, as the company’s software testing practices and tools were mainly focused on pre-production. Each time its development and security teams discovered new zero-day vulnerabilities, such as Log4Shell, they had to search for them manually.

Soldo was already using Dynatrace to optimize the performance of its digital services and deliver seamless user experiences. After evaluating the runtime security solutions on the market, it identified that extending its use of Dynatrace by activating its Application Security Module would provide the best solution for its requirements, due to the efficiency of its unified platform approach. With Dynatrace Application Security, Soldo’s teams can continuously and automatically identify and prioritize software vulnerabilities across the entire software delivery lifecycle, including at runtime, to deliver more secure digital interactions.

“Soldo exists to help business owners focus on growing their organization without wasting time managing expenses and corporate spending,” said Luca Domenella, Head of Cloud Operations and DevOps at Soldo. “This requires us to earn our customers’ trust that we can offer the highest level of protection for the troves of sensitive data they entrust with us. Dynatrace gives us an uncompromising level of control over the security of our software, by continuously monitoring for application vulnerabilities in our production environments. That means we instantly know how a new vulnerability affects our digital services, so we can respond quickly to keep our customers’ data safe.”

• A full DevSecOps lifecycle: With Dynatrace Application Security, Soldo has continuous, automatic runtime vulnerability analysis and protection in real time, giving its teams the confidence that they can keep their applications vulnerability-free in production environments.
• More effective prioritization: When a new open-source library vulnerability is disclosed to the community, Dynatrace provides Soldo with a real-time, automatically prioritized view of all potentially impacted applications and data in its ecosystem. This enables its teams to easily see where the vulnerability exists, understand its risk impact and severity in the context of their environment, and tier their remediation efforts accordingly.
• Faster vulnerability resolution: Davis, the AI engine at the core of the Dynatrace platform, initiates remediation workflows to resolve vulnerabilities automatically, enabling Soldo’s teams to reduce the time it takes to respond to new zero-day vulnerabilities from days to minutes.
• Maintaining a more strategic focus: With Dynatrace identifying, prioritizing, and helping to remediate the vulnerabilities that matter automatically and in real-time, Soldo’s teams spend less time manually sifting through alert noise and triaging new threats when they emerge. As a result, they are free to focus on more strategic work, and identify new ways to improve their DevSecOps lifecycle.

“The precise answers we get from Dynatrace are invaluable and save our teams from wasting countless hours trawling through security alerts to understand our risk,” continued Domenella. “For example, when Log4Shell emerged last year, Dynatrace instantly showed us exactly where and how the vulnerability affected our platform. Those insights enabled our teams to remediate the vulnerability in just a few minutes, rather than the days or weeks it would otherwise have taken. Ultimately, Dynatrace helps ensure that nothing escapes our DevSecOps lifecycle, so we can focus on more strategic work than finding, triaging, and remediating vulnerabilities.”