Image
+
Image
Tarsal Case Study

Upstart and Tarsal: Expanding SaaS observability 

About Upstart Network, Inc.

Upstart is the leading AI lending marketplace, connecting millions of consumers to more than 100 banks and credit unions that leverage Upstart’s AI models and cloud applications to deliver superior credit products. With Upstart AI, lenders can approve more borrowers at lower rates across races, ages, and genders, while delivering the exceptional digital-first experience customers demand.

As the company has grown in scale and prominence, it has also drawn the attention of bad actors. To help ensure the security of its software applications, it sought out a partnership with Tarsal.

The Challenge

Upstart needed a way to protect its Software as a Service applications. Specifically, it needed consistent logs from those SaaS apps to detect and effectively respond to critical incidents. Logs provide important insights into users’ actions and any suspicious activities.

The company first began by writing in-house connectors to their SaaS apps, and in the process faced some challenges with their set-up, including:

  • Building custom alerts in case of failures of the SaaS API
  • A need for automatic recovery for certain categories of failures 
  • Maintenance in case of log format change
  • Poor documentation for retrieving audit logs from some SaaS apps
  • No standardization or enrichment across the industry 

Build v. Buy: The Analysis

Upstart completed a thorough build vs. buy analysis before partnering with Tarsal.

When building a detection, Upstart’s engineering time is spent in three stages:

  1. Gaining the access to gather the logs
  2. Building a transport mechanism to collect the logs
  3. Comprehending the events in the log feed to build an effective detection

This case study focuses on the second stage for log feeds that do not have a native integration with Upstart’s log aggregation platform. This second stage is 75% of the overall engineering effort to onboard a log feed for a detection.

In their analysis, building one new connector took on average 1.5 weeks. They expected a minimum of 20 weeks to onboard the 20-30 log sources they deemed necessary, not including maintenance time. 

A major API change also required them to rework integrations. These reworks require an average of one Eng week, and are expected to be done approximately once every five years per application. At 30 applications, this would require six extra Eng weeks per year.

This brings their estimated cost to build and maintain 25 log source connectors to:

Up Front

  • 37.5 Eng weeks to create the integrations
  • 12.5 Eng weeks to tune the alerts
  • 2 Eng weeks of improving observability
  • Total: 52 Eng weeks

Maintenance

  • 5 Eng weeks a year of handling version upgrades
  • 3-4 Eng weeks a year of handling changes
  • 9 Eng weeks of maintenance

Given the high upfront cost and continuing maintenance to build this in house, the team sought a one-click, zero-maintenance solution that could accelerate this process and seamlessly integrate SaaS audit log sources into their log platform.

The Solution: Tarsal’s One-Click, Zero-Maintenance Integrations 

Upstart partnered with Tarsal to onboard their SaaS audit logs with zero overhead. Tarsal’s platform provides centralized, high-performance data ingestion and normalization, designed to integrate seamlessly with Upstart’s log platform.

Key benefits of the solution:

  1. Rapid SaaS audit log onboarding: Without Tarsal, onboarding a new log source took 1.5 weeks. With Tarsal, it takes 15 seconds.
  2. Zero-maintenance: Tarsal maintains all connectors for Upstart, including API changes, version upgrades, etc. 
  3. Collaborative connector development: Tarsal ships connectors that Upstart requests in the timeline that they need it by. 
  4. Normalization: Tarsal automatically normalizes indicators of compromise for easy correlation.

Results

After implementing Tarsal’s platform, Upstart saw immediate improvements in their security operations:

  • Enhanced Security Posture: With all of their SaaS audit logs centralized, Upstart’s team was able to identify and mitigate threats faster and with greater accuracy.
  • Increased Productivity: Tarsal allowed Upstart’s security team to focus on protecting their organization, rather than building connectors.
  • Elevated Security Operations Maturity: Tarsal accelerates Upstart’s SecOps maturity by giving them overnight visibility into their threat vectors.
  • Accelerated Log Onboarding: Tarsal helps Upstart onboard log sources with 75% less effort than building log integrations in-house, providing immediate ROI.
  • Expanded Visibility: Tarsal has delivered one new integration from Upstart’s standard priority connector backlog per month since the beginning of the contract period. During the Proof of Concept phase, Tarsal also delivered a high-priority integration in under two weeks.

Conclusion

By partnering with Tarsal, Upstart has streamlined its security operations organization, expanded visibility into threat vectors, and enhanced its ability to detect and respond to threats. With Tarsal, Upstart’s security team now enjoys greater visibility, performance, and agility as they continue to grow and innovate in the financial services industry.

“A huge part of the work in writing a new detection is in onboarding and normalizing that log source. Tarsal takes away that overhead, allowing us to focus on protecting our company, instead of wrangling API documentation. With Tarsal, we onboard logs in minutes, not months.”  —Chris Schafer, Senior Engineering Manager, SecOps

Testimonials

50% of the work in writing a new detection is in onboarding and normalizing that log source. Tarsal takes away that overhead, allowing us to focus on protecting our company, instead of wrangling API documentation. With Tarsal, we onboard logs in minutes, not months.

- Chris Schafer, Senior Engineering Manager, SecOps

Location / HQ

San Mateo, CA

Industries

Finance
Technology
More Case Studies