A customer-facing services company replaced manual security processes and static WAF controls with runtime application visibility, helping security teams prioritize real threats, improve remediation speed, and support a company-wide digital transformation.
At a glance
- Introduced runtime application self-protection (RASP) with Aikido Zen Firewall
- Extended security visibility from IDE to CI/CD to runtime
- Improved remediation speed with AI-assisted prioritization and fix recommendations
- Achieved remediation SLA targets during a large-scale digital transformation
- Enabled executive and board-level security reporting
- Reduced security noise and focused teams on the vulnerabilities that matter most
- Integrated security directly into developer workflows
Challenge
Oncourse Home Solutions operates customer-facing digital services that increasingly depend on cloud infrastructure, modern applications, and digital experiences. As the company accelerated a broader digital transformation, application complexity grew rapidly. New cloud services, integrations, and customer-facing capabilities increased both the business opportunity and the organization's threat surface.
For Chief Information Security Officer Joshy Alappat, the challenge was ensuring security could evolve at the same pace as the business.
“We were going through a digital transformation where a lot of cloud services, a lot of intricacies that we built into, and we were looking at our threat profile changing.”
The security team already had tooling in place, but much of the process remained manual.
Different tools generated findings, teams reviewed logs, and security analysts spent significant time determining which issues actually required attention. What was missing was a single view of risk and a reliable way to prioritize security efforts.
“We had tooling in place, but it was a manual process. We didn't have a single point of view and how we prioritize.”
At the same time, the organization's security architecture relied heavily on traditional web application firewalls and network controls.
While effective for many scenarios, these tools required constant tuning and rule maintenance. Understanding what was being blocked, why it was being blocked, and how changes would impact production applications often introduced operational overhead.
“The challenge with WAF is updating the rule set and figuring out what's being blocked and all that, without taking the application down.”
The team needed a solution that could provide visibility into running applications while helping developers and security teams work from the same source of truth.
Solution
As part of its modernization initiative, Oncourse evaluated multiple security platforms. One requirement quickly became clear: security needed to extend beyond traditional pre-deployment scanning. The team wanted visibility into what was actually happening inside running applications, not just what static scans could identify before release.
Aikido stood out because it combined runtime protection through Zen Firewall with broader application security capabilities across the software development lifecycle. The rollout started with Zen Firewall and gradually expanded across development and deployment workflows.
Today, security is integrated directly into IDEs, CI/CD pipelines, Jira workflows, and runtime environments.
Rather than introducing a separate security process, Aikido became part of the way software was already being built and delivered. Developer adoption played an important role in the decision. According to Joshy, engineering teams quickly embraced the platform because it provided actionable guidance instead of creating additional friction.
The combination of runtime visibility and AI-assisted prioritization also changed how the security team approached risk management. Instead of manually reviewing large volumes of alerts, teams could focus on vulnerabilities that represented meaningful risk to production systems. The platform also provided direct remediation guidance tied to the code itself, allowing developers to move from identification to resolution much faster than before.
Results
The most significant outcome has been efficiency. Rather than spending time manually investigating findings, maintaining static rules, or determining which vulnerabilities deserve attention, the security team can focus directly on the issues that matter most.
“Aikido is efficiency. It helps us prioritize what we need to protect and not spend time on things that are not material.”
Remediation speed improved dramatically.
Previously, teams would identify vulnerabilities and then spend additional time locating affected code, understanding the impact, and determining the correct fix. Today, developers receive clear remediation guidance directly alongside findings.
“Time to remediate has been a game changer.”
The platform also helped the organization consistently meet remediation SLA targets during a period of rapid change. As the company expanded its digital footprint, security commitments that once felt ambitious became achievable. Security became easier to operationalize and easier to measure. The team could track progress against transformation objectives, demonstrate coverage across applications, and communicate outcomes to executive leadership and the board.
According to Joshy, being able to deliver on those commitments became one of the biggest successes of the program.
“We promised something, we were able to deliver that. That's been huge.”
Rather than relying solely on perimeter controls and static rule sets, Oncourse now has continuous visibility across the application lifecycle, from development through production. The result is a security program that supports innovation without slowing it down.
How Oncourse uses Aikido today
Currently using
- Zen Firewall (runtime application protection)
- IDE integrations
- CI/CD security scanning
- Vulnerability prioritization and remediation guidance
- Jira workflow integrations
Planning next
- Broader application coverage across the organization
- Additional developer workflow integrations
- Enhanced executive and board-level security reporting
Final verdict
“Aikido is efficiency. It helps us prioritize what we need to protect and not spend time on things that are not material.”
