Banco Galicia Enhances Digital Security and Efficiency with Veracode

Background/Challenge

Banco Galicia, the largest private bank in Argentina, embarked on a digital transformation journey in 2018. As they progressed, it became evident that standard tools were insufficient for protecting applications. The need for a robust Application Security (AppSec) solution became critical, especially with the onset of the pandemic, which necessitated that customers be able to perform all transactions online without visiting branches. This shift made Application Security a paramount component of the bank’s risk management strategy.

Solution

In response to these challenges, Banco Galicia evaluated several AppSec vendors, including all Leaders in Gartner’s Magic Quadrant, Application Security Testing (AST), but ultimately chose Veracode due to its versatility and ease of integration into their existing CI/CD pipelines.

“Veracode’s platform allowed us to begin scanning both static and dynamic code within a month, integrating seamlessly with minimal configuration.” Sebastian Wilke, Banco Galicia’s Cybersecurity Manager, noted. “The cloud-based nature of Veracode’s offering was particularly beneficial, enabling Banco Galicia to implement the tool with just one API call and without the need for additional infrastructure installations.”

After achieving stability with the platform and the comprehensive adoption of static scanning in pipelines, we decided to move forward with the detection of vulnerabilities in third-party libraries using Veracode’s SCA solution. This tool allowed us to define blocking policies and procedures regarding vulnerabilities that we inherited from third-party vendors and that we were not aware of.

In this way, by unifying restrictive policies for our own and third-party code, we achieve much secure application integrations.

Results

The implementation of Veracode transformed Banco Galicia’s ability to scale digital security while managing risk efficiently. Now applications are being delivered more securely and with reduced risk for customers.

Wilke shares, “Before Veracode Fix, developers often struggled with fixing vulnerabilities, but now developers receive precise guidance, reducing the time and effort needed to secure applications. There’s significant cost savings by reducing the resources previously spent on fixing vulnerabilities. The overall impact is a more secure, efficient, and cost-effective development process, enhancing both customer trust and operational efficiency.”