Why we chose Workato as a component of a cybersecurity product

November 23, 2021

Why CyCognito embedded Workato

CyCognito is a cybersecurity company that empowers large enterprises to visualize their attack surface, prioritize their risk with rich business context, and enable continuous and quick remediation to help them stay ahead of attackers. 

Selecting a white-glove solution to a complex challenge

At CyCognito we’re on a mission to prevent breaches by giving security teams the ability to eliminate security blind spots and weak spots on their attack surface.

To do that, we need to be able to take our insights and integrate them into our customer’s environments. But with many customers come just as many different workflows and tools. We knew we had to build this bridge between our platform and the ways our customers work, but there was a fundamental question: would building and maintaining dozens (or even hundreds) of connectors and integrations be the best use of our engineering time and resources?

We didn’t think so. Instead, we set about looking for a solution that would allow us to focus on the core value we bring and not spend our efforts on implementing integrations and automations. The challenge was to find the right partner—one that could provide one that would enable us to deliver a robust and scalable service that our customers demand and expect from us.

Why we needed software

The initial goal was to remove all data integration work from our developers. We found ourselves spending so much on streamlining connectivity that we risked either forgoing value-added projects or losing out on client opportunities.

The benefits we knew we needed 

  • Scalability, because we needed to expand quickly
  • Ease of integration with third parties
  • Flexibility and customizability to each client’s unique environment
  • Seamless embedding into our product

Criteria for evaluation 

Our decision-making matrix underwent some changes as we went along, and as we gained new insights from speaking with all the possible solution providers.  

Must-haves: 

  • Security – Considering our line of business, this was a no-brainer. We couldn’t offer our clients cybersecurity software that added a new vulnerability from a component developed by a third party. Auditable SOC 2 compliance is key, as is awareness of relevant privacy laws, but what is just as important in the cybersecurity industry is an ability to support SIEM integration.

  • Automation –  No matter how low-touch an activity becomes, there will still be the point where it requires human hands. We need the ability to take friction out of business processes and workload management at and between those touchpoints.

  • Enterprise integration – Applications are just part of the requirement. Certainly, the programming interface is critical, as is back-end application integration. But data synchronization is just as essential, and we wanted the same software suite to smooth out both the apps and the data.

  • Ease of implementation – We market our own product based on this benefit, but it can only be as easy to implement as its components are.

  • Level of support – We are not workflow automation experts, and we don’t expect our clients to be either. We needed a partner to respond with speed and expertise to our service requests.

Nice-to-haves: 

  • Ease of use – Low-code/no-code solutions are critical for any embedded software. We wanted a front end which would simplify rather than complicate our job.

  • Richness of libraries – Following on from ease of use, the less code a software package uses, the more it has to rely on tables. These need to be in place before a low-code/no-code solution can be put into production.

  • Extensibility – Cybersecurity changes at the speed of some very resourceful hackers, so new and upgraded functions are inevitable. Maintaining a low level of workflow automation effort as CyCognito’s product matures will become more important as we grow our customer base and capabilities.

  • Customizability – Just as CyCognito is different from Workato’s other clients, each one of our clients have unique needs as well.. We needed a solution that would allow us to turn the dials to optimize for any environment.

Demo & findings

What I found uniquely in Workato—was a new level of extensibility, customizability and most importantly ease of use.

Workato’s third-party connection gallery was particularly helpful. Zendesk, Teams, Splunk, Jira, Slack and many other vendors our clients were likely to interface with were already hardcoded into Workato’s core product. The gallery also includes email integrations which is an often overlooked but  an essential productivity need. That gallery was attractive to CyCognito because we had done this sort of work ourselves and knew just how much of a struggle it can be. We had to dedicate a software engineer to do nothing else but build and maintain third-party connections. That’s a very expensive resource whose talents could have been directed toward making our clients’ systems more secure. 

Out of five potential vendors, we short-listed three. Ultimately, we only chose Workato, to kick off the proof of concept phase.

The details 

We started off with the basic offering, leveraging Workato APIs and wrapping it into the CyCognito product. Through the PoC, we saw great value in the Workato user interface, so we moved on to the next level up. We continued to be impressed with the options as we discovered them. Soon we were looking at the full embedded experience, which we eventually moved forward with.

During the beta tests, we had an opportunity to land a high-profile new client, but only if we could deliver Splunk integration. We got that job without an inordinate investment of engineering resources because we had Workato embedded. We were also able to delight an existing client who needed to connect with Zendesk.

Of all the differentiators, though, I would say the drag-and-drop UI was the most compelling. Of course, other companies offer good front ends as well, but there’s often a tradeoff. With Workato’s embed experience, we didn’t have to give up flexibility or ease of implementation for a smooth user experience.

It would be disingenuous to say that cost was not a factor. While it was not necessarily the lowest bid, Workato offered the highest ROI. We calculated that, for the cost of five months of a dedicated engineer’s time, we could engage Workato for a full year, and without the hiccups and skill blindspots that relying on any one individual would entail.

Decision time

What really sealed the deal, though, was Workato’s people. Yes, I had to pitch a business case to the CEO and CyCognito’s largest financial backer. What convinced me—in addition to the functionality—was the confidence in the team that was working with us through the PoC and testing activities and the belief that they could handle our needs once they earned our business.

The team who was dedicated to our PoC not only understood our business, they were passionate about it. They wanted to play in the cybersecurity space every bit as much as we do. None of the partners we considered had as much experience in our space as we had hoped, however the Workato team expressed an eagerness to do anything they could to embrace our market and customer needs. They were not only professional and enthusiastic, but also committed to giving us all the support we needed. In summary, we expect team Workato to be our long term partners in our growth journey ahead!