DayZz logo

How Agoda uses real-time data observability to protect their application environment

The global scale of its business means Agoda has an ever-changing application environment. Every day, thousands of microservices which handle the data of millions of customers are modified and created. 
6600+ employees
Ready to get started?

Agoda (part of Booking Holdings, Inc.) operates as a digital travel platform in 26 markets worldwide, boasting 4 million hotels and homes listed.

To protect customer PII and PCI, Agoda's Security Operations and Response team needs to have precise and near real-time understanding of their infrastructure, right down to each individual asset and the corresponding data flow.

Agoda’s selection criteria:

✅  Clear data navigation
✅  Full PII/PCI discovery
✅  90%+ detection accuracy
✅  Alerts on data flow changes
✅  Custom classification
✅  Ease of deployment
✅  On-prem and private cloud
✅  Seamless integration
✅  Responsive support

We had very clear selection criteria in mind, spoke to all major DSPM players and Soveren was the one that checked all the boxes.
Guy Fridman
Directory of CyberSecurity at Agoda Booking Holding

Agoda had 3 main challenges:

  • Real-time discovery of data-handling microservices and data sources without direct involvement from application owner
  • Organizational-wide data security protocols (e.g., no sensitive data outside approved environments) and continuous monitoring of potential deviations
  • Rapid remediation of security violations with real-time alerting systems
Without Soveren, our Security Operations and Response team was fighting an uphill battle — manually looking for data risks — to secure our application environment.
Guy Fridman
Directory of CyberSecurity at Agoda Booking Holding

Full observability into the data layer for the entire application environment

Agoda set out to automate their manual review processes to achieve 100% data observability with zero blind spots, and reduce resources spent on manual security guardrails.They use Soveren to discover all their microservices and associated connections to data stores. Soveren continuously maintains a complete and automated single source of truth of their assets and the data they process with a 95% detection accuracy. Soveren integrates natively with Kubernetes in both Agoda’s on-premise and cloud environments, analyzing network traffic with zero impact on application latency or performance. This also enables Agoda to automatically enrich their service catalog with the exact data types that a service produces and consumes.

Automated data and asset discovery (image contains demo data)

Instantly uncover any data creep

Building a single pane of glass for everything sensitive data-related in the application layer was the first step. The biggest challenge for Agoda was to control the inevitable changes in the data usage of microservices in their dynamic environment. Agoda now uses Soveren’s security monitor for that. All security-approved data usage and flows per microservice are anchored in data security protocol rules. Soveren continuously checks actual behavior against these rules and immediately reports any violations that are uncovered.

Demo data in the image

Real-time alert system, seamlessly integrated

Integrating Soveren’s alert system was the final step after having full observability and continuous monitoring in place. Agoda, like all companies, needs to reduce alert fatigue. Knowing the data context helps Agoda prioritize the alerts that dramatically impact the business because they put sensitive data at risk. Agoda integrated Soveren into their existing SIEM system via the configurable webhook to optimize alert prioritization. Security teams are now aware of any data security risks before they become full-blown incidents.

Demo data in the image
The deep integration of Soveren with Kubernetes makes using the policy builder a breeze. Being able to set policies based on existing CI/CD practices saves us lots of time.
Coleton Peterson
Principal Cloud Security Architect at Agoda Booking Holding

Agoda's production environment is constantly evolving; thousands of microservices are modified or created every day, with every product release. Agoda's security team's mission is to have a clear, reliable, up-to-the-minute understanding of their infrastructure, down to every asset and the data they process.

This usually means delaying product releases to carry out manual reviews. But where manual processes and incumbent tools fall short, Soveren provides Agoda with complete, reliable, up-to-date observability across the data layer in the production environment.

Soveren achieves this by:

✅  Mapping real-time data flows, including with third-parties
✅  Detecting and classifying sensitive data and assets
✅  Monitoring security, privacy and compliance policies
✅  Alerting in real-time of changes, violations or risks

Soveren stands out with its straightforward integration and rapid delivery of precise data insights, offering a level of visibility that’s second to none.
Yaron Slutzky
Chief Security Officer at Agoda Booking Holding

Soveren seamlessly integrates with Agoda's security stack and operating workflows (in-house service catalog, Slack, Jira, Sentinel) for optimized alert prioritization and risk remediation.

Agoda case-study

How Agoda uses real-time data observability to protect their application environment.
Download PDF
Ready to get started?
Get a demo