About Aquanow
Aquanow is a B2B fintech company offering institutional-grade cryptocurrency trading platforms and digital asset management solutions. Their customers include financial institutions, banks, and investment firms looking to expand their presence in digital asset markets.
Dhaval Tailor, an Infrastructure Security Engineer at Aquanow, works within the DevSecOps and Engineering teams. His responsibilities span application and cloud security, CI/CD pipeline security, data protection, IT governance, and regulatory compliance.
The Challenge
Before adopting StepSecurity, Aquanow faced critical visibility gaps in their CI/CD pipelines—especially during runtime. Despite implementing multiple static analysis tools, they lacked the ability to detect anomalous behavior that only manifests during pipeline execution. This blind spot presented a substantial supply chain security risk.
The problem became more severe after migrating to a monorepo architecture, which introduced:
- Increased CI/CD complexity
- A surge in network and package dependencies
- Risk of unmasked secrets during builds
- Extended execution times
Aquanow required real-time runtime monitoring of CI/CD workflows, including visibility into:
- Network activity during job execution
- Behavior of untrusted packages or GitHub Actions
- Use of plaintext secrets or credentials at runtime
“Without StepSecurity, we had no visibility into unmasked secrets or API keys used by untrusted packages during pipeline execution.”
- Dhaval Tailor, Infrastructure Security Engineer at Aquanow
They had also tested other open-source solutions—but those lacked critical enterprise features like:
- Centralized GUI-based management
- Secure agent rollout at scale
- Real-time exception handling
- Logging and runtime observability
Why StepSecurity
Aquanow discovered StepSecurity through online research while evaluating CI/CD supply chain security solutions. After conducting PoCs with several tools, StepSecurity stood out due to its rich feature set and enterprise-readiness.
Key reasons for choosing StepSecurity:
- Centralized rollout: Easily deploy the security agent across multiple GitHub repositories.
- Governance & control: Manage policies and visibility centrally via a GUI.
- Runtime observability: Investigate which process triggered a suspicious event.
- Rapid exception handling: Instantly unblock developers via an easy-to-use exception system.
- Domain/IP control: Enforce granular allow/block rules for outbound connections.
“StepSecurity checks all of these boxes. It is fairly easy to roll out to organization wide through GUI and easy to maintain afterwards. The key thing that we were impressed with is the ability to investigate the process events to identify what process is triggering the events. Not only that, but we also liked their exceptions management capability to unblock developer in a matter of minutes when they get blocked by StepSecurity rules. I think these two capabilities distinguished them well from others.”
- Dhaval Tailor, Infrastructure Security Engineer at Aquanow
Features That Made the Difference
- Runtime Activity Monitoring: Unparalleled insight into CI/CD behavior—who called what, when, and why.
- Centralized Agent Management: Deploy the agent across all or selected repositories with minimal effort.
- GUI-Based Governance: Security teams can approve exceptions, monitor pipelines, and enforce policy—all in one place.
Impact & Results
After rolling out StepSecurity, Aquanow saw significant improvements:
- Runtime visibility: Continuous monitoring of workflows enabled detection of threats in real time.
- Incident response: Real-time alerts allowed the security team to react quickly, reducing Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR).
- Protection from recent attacks: Proactively mitigated risks from real-world incidents like the Shai Hulud NPM and s1ngularity AI-driven attacks using cooldown features.
- Time savings: Security engineers no longer waste time manually investigating suspicious actions. Everything is surfaced in the StepSecurity dashboard.
“StepSecurity has become a vital part of Aquanow’s CI/CD security strategy. It provides real-time visibility into workflow execution, detects suspicious behavior, and enforces best practices—from secret management to outbound network control—making our pipelines more secure than ever before.”
- Dhaval Tailor, Infrastructure Security Engineer at Aquanow
.png)
