Fortune 100 Insurance Provider Projected to Save $3M in Security Savings with AppSec Automation, and the 2nd-Largest ASPM Deal in History

Geoff Akie
Regional Sales Manager
Published January 20 2025

The second-largest ASPM deal to date, valued at $4 million, comes second only to Apiiro’s record-breaking $5 million partnership with a Fortune 10 enterprise in 2024. This deal focuses on delivering millions in operational savings with application security automation. By automating thousands of developer hours, identifying sensitive data for PCI 4.0 compliance, and reallocating resources to high-value innovation, one leading Financial Services Provider is significantly enhancing their security posture with Apiiro.

Apiiro has closed the second-largest ASPM deal in the market to date with a Fortune 100 insurance provider. The deal, valued at $4 million, is second only to Apiiro’s $5 million 2024 close with a Fortune 10 Global Enterprise. Working in tandem with a longtime API security partner, Apiiro has engaged with the FinServ organization as a key partner in their security processes, highlighting their commitment to true end-to-end application security and robust application security posture management (ASPM).

This Fortune 100 company has faced many security challenges pervasive in today’s complex application development environments, such as a lack of aggregated visibility for software development lifecycle (SDLC) findings, an inability to enforce policy changes in response to security threats, and a lack of clarity around true business risk – leading to inaccurate scoring during routine security processes like Penetration Testing and Threat Modeling. Apiiro provides a unified platform to centralize, analyze, and prioritize all Security Findings from 3rd-party scanners.

Both traditional, siloed, manual application security testing processes and automated testing tools are no longer sufficient in today’s complex and agile development environments. Apiiro integrates application security, risk management, and development processes into a single platform – automating security controls validation and assurance throughout the software lifecycle from design, to development, and delivery. Apiiro’s enriched automation eliminates the need for manual self-attestation questionnaires and security reviews.

By taking a risk-based approach to security and integrating with development processes via full code-to-runtime discovery, Apiiro achieves a true “shift left” approach with this insurance provider – integrating AppSec into every phase of their software development lifecycle, from design through delivery. 

Automating Risk-Based Application Security for Financial Services

With 2,400 applications to maintain and a reliance on self-reporting and manual processes, the organization was challenged to achieve scalable and accurate security posture. In one instance, Apiiro learned that – prior to the engagement – full-time developers and engineers spent over 12,000 total hours manually triaging security findings per year. Seeing the need for a holistic, risk-based approach to security that would free up developer time and reduce costs, they partnered with Apiiro to achieve four key business objectives:

  1. Prioritize & Automate Remediation Processes with Workflows to prevent risks from entering production environments and to ensure the right code owner is responsible for remediation. Apiiro answers the question: If a developer has 1 hour of time to devote to security, which risks do they fix first?
  2. Establish and maintain a continuously updated Code Repository and Application Inventory to ensure security teams have visibility to all source control managers, repositories, developers, and app components of internally built apps and those acquired through M&A activity. This includes an inventory of all APIs, Sensitive Data, Open Source Dependencies, GenAI Frameworks and more – updated automatically and continuously.
  3. Easily identify the impact and exposure of Zero Day Vulnerabilities by querying the organization’s Application Risk Graph via Apiiro Explorer.
  4. Eliminate manual work and processes such as:
     • Manually triaging security findings from existing tools
     • Manually building a comprehensive code repository and application component inventory – including sensitive data for PCI 4.0
     • Manually identifying material code changes in scope for penetration testing
     • Manually identifying the impact and exposure of zero day vulnerabilities
     • Automating portions of the Risk Rating Questionnaire that developers fill out manually before releasing to production

“Running a large-scale Application Security program demands strategic investments in people, processes, and technology. This partnership highlights the transformative impact of Apiiro ASPM in uniting these elements to drive operational efficiency while delivering substantial cost savings. By leveraging Apiiro’s unparalleled ability to contextualize business impact and enable advanced query capabilities for build-time SDLC findings, this organization recognized a level of value and innovation unmatched by any other ASPM provider in the market,” said Geoff Akie, Regional Sales Manager at Apiiro.

“The staggering outcomes and scope of this deal demonstrate the value of Apiiro as a design partner to the largest enterprises taking a risk-based approach to application security,” said John Leon, VP of Partnerships & Business Development at Apiiro. “Security leaders today don’t need another scanner or detection tool – they need a unified, holistic platform to help them make sense of sprawling, noisy application environments. We’re proud to deliver on the promise of automated vulnerability management and risk assessment.”

Clear Business Value Across Six Use Cases

ASPM has broken new ground as a holistic approach to application security, but not all ASPMs are created equal. Many ASPM tools focus on simply aggregating data from different sources (e.g., APIs, data models, cloud infrastructure, encryption frameworks), and others aim to consolidate and replace security testing tools. Apiiro does both.

In partnering with Apiiro, a Fortune 100 insurance provider was able to get clear, quantifiable predictions for their estimated operational savings via our ASPM Business Outcome report. 

For the team, the result was deep environmental intelligence about their GitLab environment, and major improvements across six primary use-cases:

  • Automatic prioritization of security findings with business risk context: An estimated annual savings of $720,000 by automating 80% of the work involved in moving beyond uncontextualized CVSS scores to ingest, aggregate, and contextualize security findings – letting developers prioritize remediating risks that actually matter.
  • Automatic discovery of all application inventory components: Automating code repository and application component inventory management – continuously updated on every commit – for 2,400 internally-developed applications. A total annual savings of $1.1 million.
  • Automatic tracking of sensitive data: Automatic identification of sensitive data as an inventory component, according to existing and newly-added requirements of PCI 4.0 – saving engineers 2,400 hours per year and automating 90% of the work. Powered by Apiiro Deep Code Analysis (DCA).
  • Utilizing a query engine to quickly identify the breadth of a zero-day library, and prioritize based on business context: Removed developers’ burden of identifying and triaging Zero-Day Vulnerabilities, using Apiiro Risk Graph Explorer – an easily searchable index of their entire environment that gives clarity on specific vulnerabilities and toxic risk combinations. An estimated $325,000 in savings by automating 90% of vulnerability prioritization, with an additional $400,000 saved on building an in-house logging infrastructure.
  • Automate material code change detection for scoping penetration tests: Before implementing Apiiro, the penetration testing team relied on developers to self-report material code changes. Apiiro DCA continuously monitors and alerts on material code changes – on each commit – for over 2,400 applications, automating 90% of dev work and saving $300,000 per year.
  • Automating Manual Risk Rating Questionnaire: 2,000 questionnaires can potentially be automated, getting back 1,000 hours of development time.

A Diamond Standard: The Apiiro Approach to ASPM

Apiiro is both a 100% open platform (meaning we integrate with any and all security tools) and has built-in application and software supply chain security solutions, enabling us to provide value to any organization from day one. Most other ASPMs in the market focus on scanning and orchestrating security findings either in code or in runtime – we are deeply rooted in both. By factoring in code and runtime context, we can be more holistic and proactive, especially in agile, constantly-shifting application environments.

The core differentiator that sets Apiiro apart is the depth of our application knowledge, giving AppSec teams instant visibility into the unknown parts of their applications. Because we have the strongest foundational understanding of your application architecture, we can provide more robust and accurate prioritization and insights, which leads to drastically reduced triage work, remediation times, and, ultimately, a more efficient AppSec program.

If you have a clear need to build a faster, more efficient, more robust application security posture, set up a demo with our team today.