How Kivra secures 1,000+ monthly deployments with Detectify

Built using: Surface Monitoring

Kivra's achievements:

By implementing Detectify, Kivra has:

• Agility and DevOps principles with decentralized security ownership: Kivra shifts security responsibility from a central function, removing the traditional gatekeeper bottleneck.
• Automates asset visibility: Kivra replaces manual tracking with automated visibility into its attack surface with Surface Monitoring, providing a low-friction way to secure its rapidly evolving environment.
• Accelerates remediation loops: Kivra acts on vulnerabilities within minutes, supporting a high-frequency environment that executes thousands of deployments every month.
• Eliminates manual security overhead: Detectify automates the discovery of non-value-add vulnerabilities and risks with Surface Monitoring, allowing Kivra’s engineering talent to focus on high-value product innovation.
• Optimizes workflow integration: Kivra reaches high engagement by meeting developers where they are, in Slack, using automated threads and collaboration.

The gatekeeper bottleneck

In a high-trust, agile organization living with DevOps principles like Kivra, traditional security models create friction. When a centralized security team acts as a gatekeeper, it slows down innovation. Kivra sees security as an enabler, not a roadblock.

Whenever we try to centralize stuff, we fail. Security is one of those things that traditionally end up being a gatekeeper, someone who says no, and then people get annoyed.

— Jens, Chief Security Officer, Kivra

In the age of AI, where the exploit window shrinks to minutes, Kivra needs a way to catch vulnerabilities without manual intervention.

With AI, we must have the capability of fixing things within minutes, says Jens.

A secure application security platform for agility

Kivra chose Detectify because it seamlessly integrates into their agile and DevOps security philosophy, but also for its unique ability to catch emerging threats. By combining a crowdsourced community of ethical hackers with Alfred AI - an autonomous engine that continuously scans global intelligence to automatically build and deploy tests for newly discovered vulnerabilities- Detectify keeps them ahead of active exploits. Detectify acts as the safety net that monitors the application landscape continuously. When the platform identifies a risk, it routes the data immediately to the relevant team. This closes the loop between discovery and remediation instantly, keeping security "invisible" until it requires action. Kivra eliminates manual, non-value-add work by utilizing Detectify’s Surface Monitoring. Without Detectify, Kivra faces a significant gap in visibility that requires tedious manual work to close. Instead of hunting for assets, the team focuses on strategic product development.

If we didn't have Detectify, we would use valuable hours doing non-value-add for us as an organization. My job is to enable the teams to focus on product development, spending less time and energy worrying about security

Kivra relies on Detectify to outpace emerging threats, ensuring that its security posture evolves as fast as its codebase.

I trust that Detectify will always outpace us in identifying new threats. It gives us peace of mind knowing that Detectify will find any new issues.

— Jens, Chief Security Officer, Kivra

Interaction defines the success of Kivra's security tooling. Jens notes that central UIs and back offices often go unused because people forget to log in. Surface Monitoring is able to help visualise Kivra's attack surface in an efficient way.

Fixing vulnerabilities in minutes, not days

Success at Kivra means agility over rigidity. The goal is a tight feedback loop where the system catches vulnerabilities and routes them directly to the teams responsible for the code. This allows teams to fix issues within minutes. Rather than just counting incidents, Kivra defines success by the ability to move fast and fix things immediately.