Software Integrity

 

What are the cost savings and business benefits of the Seeker IAST tool?

cost savings and business benefits of the Seeker IAST tool
The Total Economic Impact™ Of Seeker®-Interactive Application Security Testing (IAST) by Synopsys, a December 2016 commissioned study conducted by Forrester Consulting on behalf of Synopsys, examines the potential return on investment (ROI) that enterprises may realize by deploying Seeker. The study provides readers with a framework to:

  • Evaluate the potential financial impact of Seeker on their organizations.
  • Support their Agile development approach while reducing costs.
  • Decrease the threat of a data breach.

To better understand the benefits, costs, and risks associated with Seeker implementation, Forrester interviewed an existing customer with multiple years of experience using Seeker.

What is Seeker?

Seeker is an interactive application security testing (IAST) solution from Synopsys. It enables companies to reduce the risk of application-layer attacks with an automated approach that fits into the software development life cycle (SDLC) and Agile methodology.

Before Seeker, customers relied exclusively on an external security consultant to perform manual penetration testing post-production. This often resulted in up to two weeks of work for developers and testers to remediate vulnerabilities, increasing the cost of remediation and impeding the Agile development process.

With Seeker, developers within the organization can test during development. This better supports the Agile approach while decreasing costs.

How does Seeker reduce costs?

An interview with an existing Seeker customer (along with subsequent financial analysis) found that their organization experienced:

  • A three-year risk-adjusted ROI of 246%.
  • 85% lower remediation costs.
  • 17 hours saved per issue.

Synopsys Seeker by the Numbers

What are the business benefits of Seeker?

The organization of focus within the study found that the average time required to remediate a security vulnerability was reduced from 20 hours to around 3 hours. Due to Seeker’s interactive tutorials and videos discussing how to fix errors, the time to remediate errors is lower than with previous testing methods.

While most automated testing tools have a significant false positive rate (some up to 80%), Seeker has a zero false positive rate. Every error reported by Seeker is guaranteed to be an actual vulnerability requiring remediation. This reduces the time developers spend determining if a detected error is, in fact, a true error.

 

Access the full Seeker TEI Study to learn more about the framework and methodology, analysis, and findings.