How Intruder helps Ravelin meet compliance requirements and gain customer trust
About the company
Ravelin provides sophisticated technology to help its clients prevent fraud and accept payments with confidence. The company achieves this by inspecting multiple data points, including real-time payment data, imported via an API from its clients’ systems.
Ravelin was established in the UK in 2014 and since then has grown to over one hundred employees, helping brands such as Deliveroo, Just Eat, and Booking.com to manage payment fraud.
Security goal Ravelin wanted to accomplish
As a company that processes payments data, Ravelin is particularly concerned about providing a trusted service to its customers. Since vulnerability management is one of the essential components in achieving a strong security posture, Ravelin was determined to find a credible solution to perform regular security checks across its internet-facing systems.
In order to adhere to the highest security standards, they also needed a security scanner which would help to meet ISO 27001 compliance requirements and provide continuous coverage between their regular PCI (Payment Card Industry) scans.
Effective and fast vulnerability management
Before trialling Intruder, Ravelin’s security team already had experience working with other vulnerability scanners. Intruder quickly stood out as a more efficient, time-saving solution.
“Unlike other equivalent security scanners, Intruder is simple to use and very easy to set up.”
William, Security Engineer at Ravelin
Intruder was specifically designed to prioritise high-impact flaws that increase the external attack surface, helping Ravelin to swiftly discern vulnerabilities in their perimeter systems, without the need for an extensive investigation.
“We mainly use Intruder for the scheduled external scans of all our public-facing domains. These scans are great to keep an eye out on emerging vulnerabilities and catch them before it's too late.”
William, Security Engineer at Ravelin
As well as routine scans, Ravelin benefits from automatic vulnerability checks performed when new threats are disclosed. This proactive approach to vulnerability management allows the business to react immediately when alerts are received, and to quickly implement preventative measures.
Meeting client and third-party security requirements
In addition to performing quarterly PCI scans through an Approved Scanning Vendor (ASV), Ravelin uses Intruder to continuously test their systems and remediate discovered weaknesses in a timely manner. Intruder uses a PCI-approved vulnerability scanner for all its scans, giving Ravelin a clear understanding of its security stance at any point in time.
After each test, Ravelin receives a detailed report, which acts as proof of security to its partners and clients and helps in meeting ISO 27001 compliance requirements.
When it comes to asset management, Ravelin continuously observes its IT environment from a hacker's perspective using Intruder’s network view. This feature allows the company to track which ports and services have changed, and rapidly detect any undesired alterations in their systems.
Since Ravelin are dedicated to going above and beyond to secure their systems, they are exploring other services in Intruder’s portfolio, such as the internal scanning agent.