Financial Industry

Practical Implementation of DevSecOps Agile Security in the Financial Industry

Business Requirements

In the financial industry, the persistently high number of security vulnerabilities has led to intrusions into enterprise data centers, database information leakage, theft of user accounts and passwords, and severe threats to customers' funds. Meanwhile, in recent years, a dense cluster of laws, regulations and regulatory requirements related to cybersecurity has been introduced, and these requirements are becoming increasingly numerous and stringent. As a heavily regulated sector, the financial industry handles massive volumes of sensitive business data, relies heavily on information technology, and faces an extremely grim cybersecurity risk landscape. Consequently, compliance with laws and regulations has become another crucial task for financial institutions.

Solution

Technical Architecture
Using intelligent orchestration technology, security testing tools based on application auto-immunity technology and deep learning algorithms have been integrated seamlessly into the in-house DevOps development process. A comprehensive end-to-end security toolchain model has been gradually established, covering Xmirror Xmaze AI Development Security Guard, Xcheck Software Composition Analysis Platform, Xmaze IAST Security Testing Platform, and Xfuse Supply Chain Security Posture Management Platform. During the development of digital applications, the model automatically conducts code defect scanning, open-source risk governance, and vulnerability detection. In actual projects, the effectiveness of secure development is measured through multiple metrics, including security requirement coverage, code quality, the number of system vulnerabilities, vulnerability remediation rate, and vulnerability remediation time. This enables effective control of development-related security risks and achieves Shift-Left Security.

Achievements and Benefits

Based on existing development methods, a DevSecOps system has been gradually built relying on the agile security toolchain. Through intelligent single-probe instrumentation, the integrated one-stop toolchain has been successfully implemented. Over 95% of medium and high-risk vulnerabilities in digital applications have been fixed at the source of development, and a closed-loop management process for application risks has been established. The overall risk reduction rate has reached 60%, which prevents defective applications from being launched, drastically cuts vulnerability remediation costs, and ensures compliance with relevant regulatory requirements in the financial industry.

Honorary Recognition

The "Secure Development System Construction Project", jointly declared by Xmirror Security and China Securities Co., Ltd., has been successfully selected as an Industry Benchmark Demonstration Project under the "Ten Policies for Information Technology Application Innovation - Pilot Solutions" in the financial field for 2023-2024.

You Jing, Director of the Informatization and Software Service Industry Division of the Beijing Municipal Bureau of Economy and Information Technology, officially announced the pilot solutions for industry benchmark demonstrations specified in Several Policy Measures of Beijing Municipality on Accelerating the Construction of a Highland for the Information Technology Application Innovation Industry. The "Secure Development System Construction Project" by Xmirror Security was successfully rated as an Industry Benchmark Demonstration Project under the "Ten Policies for Information Technology Application Innovation - Pilot Solutions" for 2023-2024. The project fully meets the requirements in terms of industrial importance, typical application scenarios, solution demonstration value, first-time recognition of the solution, product performance, and level of business support.