How Tradesolution secures Norway’s grocery supply chain with continuous attack surface monitoring

Built using: Surface Monitoring | Application Scanning | API Scanning

Tradesolution's achievements:

By implementing Detectify, Tradesolution has:

• 115% Expansion in subdomains with no visibility gap: Seamlessly gained total oversight of an attack surface that grew from 140 to over 300 subdomains without increasing manual overhead.
• Resolved 30+ High-Impact remediations: Identified and solved critical vulnerabilities that would have otherwise waited months for a manual audit.
• Accelerates the Mean Time to Remediation (MTTR): By automating the triage-to-ticket workflow with AI to translate complex vulnerabilities into actionable developer tasks, fostering a culture of shared responsibility.
• Cost-Efficient security budget usage: Achieved high-fidelity security monitoring that fits a medium-sized budget, outperforming the value and noise-reduction of legacy cloud providers.
• Continuous security posture: Transitioned from "point-in-time" yearly reviews to a weekly cadence of discovery and remediation.

The failure of "Point-in-Time" security

As Tradesolution expands its attack surface to support the logistics and transport integrations of ASKO and Orkla Health, legacy security models become increasingly difficult to scale. Øyvind recalls that "a yearly review didn't cover everything we wanted." Moving away from annual penetration tests became necessary because yearly reviews created data gaps regarding newly exposed assets and infrastructure changes between audits. Given the increased speed of system development, Tradesolution replaced infrequent manual audits with a continuous monitoring solution to maintain visibility across its environment and reduce the high costs associated with traditional "point-in-time" assessments.

It’s not enough to just do this yearly, Øyvind explains.

Tradesolution requires a solution that scales at the speed of development to protect stakeholders such as Coop and REMA 1000, especially when "functionality and system development have sped up a lot more."

Continuous, automated asset discovery and assessment

Tradesolution utilizes Detectify to maintain a continuous defense-in-depth strategy. By leveraging Surface Monitoring, Application Scanning, and API Scanning, the team maintains 24/7 visibility into its 300+ subdomains.

To maximize operational efficiency, Tradesolution leverages the Detectify API as a core part of its security stack. The team feeds high-fidelity scan data into an internal AI engine that "sorts them in user cases. These tickets populate directly, providing developers with the exact context needed to remediate risks.

"That's very important if you want to have attention from the developers," Øyvind adds, "trying to bridge security concepts to developer concepts.

Resulting in a continuous safety net

Today, Tradesolution maintains a highly secure and transparent baseline across its entire infrastructure. By automating discovery and triage, the IT team eliminates the infeasible manual workload of tracking an ever-growing attack surface. Detectify functions as the "Continuous Safety Net" within Tradesolution’s DevSecOps ecosystem. With this continuous oversight, Detectify acts as an automated, 24/7 auditor that validates every deployment, ensuring that security awareness persists as a weekly habit. Detectify provides the accuracy required to reduce "noise," as "it’s easier for me to filter out which ones I want to do something with." The result is a more resilient supply chain that secures the data of over 2,500 Norwegian customers. "It helps solve the challenges you don't know you have," Øyvind concludes.

Detectify has been instrumental in strengthening our security posture by giving us clear visibility into vulnerabilities across our systems that we simply wouldn’t have found on our own. The support from the Detectify team has been outstanding — responsive, knowledgeable, and genuinely invested in our success. We feel significantly more confident in our security today because of Detectify.

— Øyvind, IT Manager at Tradesolution