Customer Success: Coursera


Continuous Learning Meets Continuous Security: Case Study with Coursera

COURSERA CASE STUDY. See more at www.synack.com

Coursera partners with top institutions worldwide to offer courses online for anyone to take for free. Coursera’s mission is big and noble: to bring the world educational content that many wouldn’t otherwise get. In the two years since Coursera’s inception, more than 8M students have accessed content from over 100 different learning institutions. Meteoric growth like that attracts attention, and not all of it is friendly.

NOT EVERYONE IS HERE TO LEARN.

Despite Coursera’s noble intentions, hackers are always looking to make a name for themselves or steal the personally identifiable information (PII) of the learners. PII is a valuable asset not only to the individual it belongs to but also to an adversarial hacker who can sell the information for financial gain. A breach of this nature poses a threat to the integrity of Coursera’s open, collaborative platform, its users, university partners, and, ultimately, to its brand.

AUTOMATION IS NOT ENOUGH.

Knowing that the trust and safety of their community is key to their success, Coursera has been fiercely proactive about security. One of their first steps was to purchase an automated scanning solution from a leading vendor. Coursera began to look for alternatives when it realized automation couldn’t replicate the kind of creative cyber attacks the site was exposed to. Worse, automated tools could not handle Coursera’s sophisticated learning platform based on an advanced AJAX architecture. These shortcomings quickly frustrated the team. “We ran what we understood was a ‘best in class’ automated scanning product for a full year and found nothing helpful. Scanners simply cannot keep up with changing web technologies and hacking techniques,” said Coursera Information Security Officer Brennan Saeta. This data was noise that distracted the team from its focus on securing Coursera’s applications and infrastructure.

THERE IS A BETTER WAY.

Coursera knew exactly what they needed: a continuous assessment delivering actionable results without the noise. “How do we make our site safe? Documenting procedures for how we think it’s safe doesn’t count,” asked Brennan Saeta. Fred Rosenzweig, Coursera’s Head of Operations, added, “We want to be protected from hackers and we felt...the best way would be to have people actually attack our site and try to break in. We push code very regularly and need a solution that can keep up.” Coursera was looking for what Brennan called “Real Security”: a practical solution that delivers consistent value-add results protecting their customers and brand. That’s when they heard about Synack.

KNOWLEDGE IS POWER

Synack provided Coursera access to some of the best security researchers in the world in a controlled, trusted environment. Onboarding was easy. Only hours after the launch, the Synack Red Team was logging vulnerabilities discovered in Coursera’s web applications. Coursera found value in discovering vulnerabilities before they were publicly disclosed or worse, noting that “Synack found a diverse array of high value vulnerabilities above and beyond our expectations.” Because of Synack’s continuous assessment approach and the depth and diversity of the vulnerabilities found, Coursera felt they had a comprehensive review of their environment. “What we are doing with Synack is more representative of what hackers would do, and what really could happen to us from a security perspective. We’ll always be worried about security, but we sleep a lot better at night knowing the Synack Red Team is on top of things,” said Brennan.

THE RESULT

“Simply put, a lot of quality finds, including a handful of critical issues that we fixed within an hour, and that an automated scan would never have found,” said Brennan. Coursera is now expanding the scope of their engagement with Synack, and looks forward to receiving even more Crowd Security Intelligence™. “The quality and severity of the vulnerabilities found by Synack are vastly superior to the automated solutions we’ve used. I would highly recommend Synack.”