Featured Research
Scaling Product Security: Infoblox Case Study
Infoblox, a Santa Clara-based leader in Enterprise DDI (DNS, DHCP, and IP Address Management), faced a massive resourcing challenge as it attempted to scale its product security program. With a product security team of only 15 full-time employees supporting over 600 engineers and 150 applications, the organization was operating at a 40:1 ratio that made manual vulnerability scanning impossible. Before implementing a formal solution, applications were often deployed without security insights or were manually reviewed only after reaching production. Furthermore, Infoblox needed to maintain rigorous compliance certifications, including FedRAMP Moderate, SOC 2, and ISO 27001, without slowing down a high-speed development environment that generates thousands of containers monthly.
To address these hurdles, Infoblox implemented Anchore Enterprise to automate container image scanning and CVE management. The platform provided a low false-positive rate, which was paramount for the small security team to avoid wasting time on non-existent threats. Anchore seamlessly integrated into Infoblox's existing tech stack—including Amazon EKS, Harbor, and Jenkins—allowing for a "shift-left" approach where vulnerabilities are caught during the build process or even while developers are authoring code. This proactive posture effectively transformed security from a reactive "firefighting" effort into a collaborative, automated risk management workflow.
The results of this transition were significant, highlighted by a 75% reduction in time spent on manual vulnerability detection tasks. By enabling developers to self-serve scanning tools, Infoblox achieved a 55% reduction in hours allocated to retroactive remediation of vulnerabilities. Additionally, the automation of compliance reporting led to a 60% reduction in hours spent on compliance tasks. These efficiencies allowed the product security team to pivot away from manual labor and focus on higher-value initiatives like automating policy enforcement and long-term remediation strategies.
Executive IT Forums, Inc.
Educational Programs on Information Technology, Governance, Risk Management, & Compliance (GRC).
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.