Jobvite Makes Recruiting More Engaging and Secure

Industry: Software & Technology
Region: North America

Sudipta Ghose
Vice President of Engineering, Jobvite

As Vice President of Engineering at Jobvite, Sudipta Ghose is responsible for the Jobvite engineering teams. Leading platform and integration strategy, he works with legal, engineering, and other stakeholders to ensure data security and legal compliance.

Executive Summary

Jobvite, an Employ Inc. brand, is leading the next wave of talent acquisition innovation with a marketing-centric approach to recruiting. Jobvite’s Evolve Talent Acquisition Suite offers more breadth and depth in functionality than any other talent acquisition technology available in the market, addressing the entire hiring lifecycle.

Jobvite has built the unified Evolve Talent Acquisition Suite, containing more than 50,000 APIs. The company has strong visibility into its cloud-hosted environment, but was challenged in determining whether application misbehavior was due to a code defect or caused by a malicious outside attack. Jobvite’s engineering teams also needed a way to uncover security flaws earlier in the development cycle, to reduce costly downstream rework and the risk of vulnerabilities getting into the production environment.

With these concerns top of mind, Jobvite made adoption of an API Security platform a top priority.

Case Study Highlights

Challenge
  • Severe API sprawl, unable to fully assess attack surface risk
  • Protecting customers’ personally identifiable information
  • Mitigate risk by calculating the risk score
  • Minimize human intervention with a full API Security Platform
  • Secure more than 50,000 APIs, spanning four core workloads hosted across Amazon Web Services, Microsoft Azure, and Google Cloud

Results
  • Saves an estimated 1,000+ engineering hours/year
  • Reduces rework and costs
  • Quantifies and mitigates risk by calculating the threat score

The Challenge

Life at Jobvite Before Traceable

Application Performance Monitoring insufficient

While application performance monitoring provided visibility and could surface errors, it did not support Jobvite’s engineering teams in distinguishing whether application misbehavior was due to a code defect or caused by a malicious outside attack. To do that, Jobvite needed both observability and intelligent security at the API level.

WAF approach could not secure their APIs

Jobvite initially attempted to secure the perimeter using WAFs. However, with 50,000 APIs, writing all the necessary rules and exceptions for a WAF approach would have been extremely labor-intensive and costly.

“We had a security challenge that simply could not be solved on the perimeter with a WAF,” Ghose says. “We needed a different way to detect and defend against all cyber attacks, including those that could come from within.”

The Transformation

Life After Deploying Traceable for Comprehensive API Security

After considering WAFs, but finding them too costly and labor-intensive to be effective in its complex environment, Jobvite deployed Traceable AI in its application development process. Traceable AI now provides Jobvite’s engineers with insights into potential security risks deep within the application stack to prevent and mitigate risks, while offering fine-grained permissions control to block selected threat vectors.

Since deploying Traceable AI, the Jobvite team now has intelligence from deep within the Suite and thousands of APIs to prioritize which vulnerabilities require attention. This helps the team work more efficiently to stay ahead of security threats and assure protection for private customer data.

“Traceable AI provides us with an understanding of which problems we need to focus on, which is extremely valuable,” Ghose notes. “We don’t need to waste engineering time trying to figure out problems that don’t pose an actual threat.”

Intelligently Preventing Successful Cyber Attacks

Traceable AI also provides Jobvite with fine-grained control over what actions are permissible inside the software. For example, if a JavaScript is serving files from a location that is not appropriate, Jobvite can just disallow that activity through Traceable AI. “If there’s a flaw in the permissions or how the application server is deployed, Traceable AI knows what’s allowed or not. The ability to have that automatically prevent inappropriate action is unique in the industry.”

“Traceable AI is differentiated because it provides AI and machine learning that can identify potential attacks, enabling us to quantify and mitigate our risk immediately.”

Saving Engineering Time, Strengthening Application Security

Traceable provides detailed information beyond application performance monitoring, allowing the team to focus investigations on abnormal activities and vulnerabilities at the front end. This saves time by avoiding false positives and potentially saving over 1,000 hours of engineering time in a year.

Shifting API Security Left to Catch Security Flaws Early in the Development Cycle

Jobvite’s DevOps program and CI/CD methodology empower engineering teams to take ownership of their applications, but flaws can still slip through. Traceable in the CI/CD environment quickly identifies security flaws, saving engineers time and effort. It enhances CI/CD processes, reducing rework, time-to-market, and costs.

“Traceable AI provides us with a capability that’s incredibly affordable. The information it brings to us with very little effort not only strengthens our application security, but it brings us a return on investment that’s several orders of magnitude greater than any of the other options we considered.”