Case Study

The problem

Before their Defense.com™ SaaS platform was launched, Bulletproof were primarily focused on penetration testing, vulnerability scanning and managed SIEM services, with their technology stack hosted in a private data center on their own purchased hardware. They mainly deployed virtual machines, alongside bare metal for services that had more intense performance demands, such as their Security Information and Event Monitoring platform (SIEM).

When building Defense.com™ and moving to a SaaS service model Bulletproof knew it was time to look at a more modern way to manage their infrastructure. Defense.com incorporates many different modules within its packages and each one of these has a unique requirement for how it utilizes infrastructure and needs to scale. This led to Defense.com moving to a microservices approach for each module - which required a complete re-think of its technology strategy.

With significant ongoing investment into the company to quickly scale Defense.com™ to reach their goal of becoming a world leader in cybersecurity, it was apparent that hosting on their own hardware wouldn’t allow the service to rapidly scale on-demand as customers came on board. It was clear to the team that they needed to move to the cloud, but with a provider who could offer them a modern, flexible way of hosting applications to meet five key objectives:

How Civo helped

Defense.com™ evaluated many of the hyperscale providers such as AWS, but repeatedly came across barriers to entry. The number of products and complexity was overwhelming and they needed some guidance on their future technology choices.

CEO Oliver Pinson-Roxburgh said “One of the hardest challenges was speaking to someone that understood the unique requirements that hosting Defense.com™ presented, with most hyperscale providers preferring to push their customers through consulting partners, it was just very hard to get a conversation started”

Understanding the huge range of different products and the price lists that hyperscale providers offered was also very daunting, and what we really needed was some simple advice to guide our technology choices and confirm some of our own thinking.”

At the time when Defense.com™ was looking for a hosting partner, Civo had just launched its Move to Kubernetes initiative - designed to help support companies who are looking to adopt a cloud-native approach to managing their infrastructure.

Pinson-Roxburgh added, “We came across Civo. I'd previously heard from a colleague about the good things they were doing and we were immediately drawn to the fact Civo only focused on cloud-native technologies, and more specifically Kubernetes.

From our first engagement Civo was able to offer the advice and support we needed, which allowed us to confirm our thoughts that Kubernetes was the right technology choice for us.”

In close collaboration with our tech teams and cloud native consultants, Civo carried out a proof of concept with the Defense.com™ DevOps team.

Pinson-Roxbugh explained “For the PoC we were hugely impressed when Civo set up a direct Slack Connect channel so we could directly and easily interact with their SRE team. We then worked closely with their cloud native experts, many of whom are CNCF ambassadors.This was very comforting given they are directly involved with the CNCF and steering the future of Kubernetes and other cloud native technologies.”

As a critical step of their supplier evaluation process, Defense.com™ carried out an extensive black and white box penetration test of the Civo public cloud infrastructure. Their penetration testing team, used to testing Fortune 500 companies, were very impressed with the design decisions taken to ensure tenant segregation at all levels.

Pinson Roxburgh said, “Our security teams ran very extensive tests against the Civo systems and applications to ensure there were no weaknesses. The results were excellent and it gave us great confidence in hosting customer data with Civo.”

One of Civo's core objectives is to help improve productivity for companies. It’s our belief that if we can help companies build, test and deploy applications quicker, then it will directly improve their revenue and bottom line. Civo can launch a full Kubernetes cluster in less than 90 seconds, which is far quicker than our rivals. Our team is even working hard to reduce this further, with a goal of getting this to under 30 seconds.

Defense.com had some unique requirements, such as running large numbers of vulnerability scans for their clients. Sometimes only a handful of scans might be running, but at other times thousands could be active depending on the time of day and number of systems scanned simultaneously. Civo needed to demonstrate how quickly we could scale on-demand, which was set as one of the key success measurements for the PoC.

Pinson-Roxbough added, “The proof of concept was a huge success, not only were they able to meet our 5 key objectives for security, reliability performance and scalability - they also exceeded our expectations when it came to demonstrating the ease of using their platform and how fast you can launch a fully operational Kubernetes cluster compared to rival providers.

This additional agility made them the clear choice for us, especially given the ephemeral nature of the way some of our services work.

We also love that their community are clearly security advocates and bring the latest Kubernetes security best practices to life.

With the rapid success of Defense.com™ and how fast they are growing, it’s crucial that costs don’t get out of control, and Civo’s simple and predictable billing model gives them additional peace of mind. Hyperscaler billing complexity is well documented, so Civo were able to reassure Defense.com that our model removes any nasty surprises from bills, meaning a more consistent and predictable spend.

Pinson-Roxbugh summarised: “The simplicity of Civo is a key strength of theirs, many providers we evaluated made things extremely complicated in terms of the sheer amount of products offered, the barriers to entry in getting started, and overly complex metered billing models.

We’re very happy to have found Civo and their simple approach to cloud native hosting.”

Products and tools used

Defense.com™ takes advantage of a number of different Civo products and tooling. They are also big users of some third-party automation tools.

Kubernetes

• Defense.com™ transitioned away from a single large environment hosting all applications, and instead moved to Civo Kubernetes where smaller clusters are assigned per application. This helps reduce the scope for single point of failure issues.
• Applications were deployed in a tiered structure, with top tier (most critical) applications hosted across different Civo regions for maximum resilience.
• By using the flexibility of Civo Kubernetes and its industry-leading cluster launch times, Defense.com™ developers are able to create production-like replicas super quickly, and maintain a streamlined CI/CD process to help improve developer productivity.
• Civo's rapid Kubernetes launch times enable Defense.com's vulnerability scanning engine to quickly scale on-demand, allowing thousands of scans to be run simultaneously.

Persistent Volumes

• Previously Defense.com™ developers had to handle and troubleshoot their own storage per volume. This meant they had to closely manage capacity across the entire cluster. Civo Persistent Volumes enabled the team to remove direct storage from the clusters, allowing for more usable capacity by applications. Data resiliency was also further increased with data replication handled under the hood by Civo.

Private Region

• Civo commissioned a Private Region for hosting SIEM data. This hosts a highly scalable SIEM platform based on Elasticsearch and is currently processing in excess of 80 million logs per day. It provides industry leading performance for SIEM event searches, which is one of the unique selling points of the Defense.com™ SIEM offering.
• The ZTP provisioning system designed by Civo allows Defense.com™ to launch new Private Regions worldwide as soon as CivoStack-optimised hardware lands at a data center. Within 20 minutes of hardware arriving in the data center, CivoStack is ready and operational thanks to our no-touch install process.

Compute

• Defense.com™ penetration testers use Civo's Compute service to provide them with virtual machines which are used to install the tools they need to carry out tests (e.g. KaliLinux). Having access to virtual machines is very useful for the team and for certain specialized use cases.

Teams feature

• New technical team members were onboarded with only the permissions to resources they required to access within development, staging and production accounts.

CLI

• Initial PoC was carried out using the Civo CLI, whereby the speed of creating new clusters allowed for rapid testing. Once a pattern was defined, Defense.com™ moved to using the Civo Terraform modules for reusability.
• The Civo CLI is also used by the team to manage and configure clusters from time to time.

Terraform provider

• The Civo Terraform provider allowed the team to rapidly scale from a PoC architecture to a multitude of applications. Terraform modules were heavily used to allow for repeatable and consistent deployments.
• Terraform allowed for the same environment to be deployed across multiple Civo accounts to limit engineer access control to production applications where required.

Marketplace

• The Civo Marketplace was particularly useful in helping Defense.com™ developers deploy one-click applications like Redis and MariaDB when carrying out internal development work.