Summary
Unified global AppSec; established single source of truth and PBOM via OX.
888 Holdings, one of the world’s leading online betting and gaming companies, faced the task of securing a massive, globally distributed software footprint. With thousands of repositories and engineering teams spread across multiple continents, the organization struggled with fragmented visibility and disconnected tools. By partnering with OX Security, 888 Holdings established a single source of truth for their global operations. Golan Barash, CISO at 888 Holdings, notes that OX “is changing the software supply chain security game. It gives a complete and reliable snapshot of code security before deployment.”
The Catalyst
Global Fragmentation and the "Visibility Gap"
Managing security across diverse, decentralized teams meant dealing with a significant visibility gap where risk data was scattered across legacy scanners. For an online gaming and entertainment powerhouse, the primary goal is delivering an “uninterrupted and captivating gaming experience”, which requires managing a complex infrastructure while maintaining impeccable security standards. The company’s existing measures were inadequate for the complexities of modern AppSec, making systems inefficient against a constantly evolving threat landscape. 888 Holdings recognized they could not risk disruption to their uptime and needed a more scalable way to secure their software supply chain.
The Strategy
A Centralized Security Fabric for Global Scale
To overcome these challenges, 888 Holdings implemented OX Security’s Active ASPM platform to replace fragmented AppSec tools with a streamlined approach that provided end-to-end coverage without disruption. As Golan Barash explains, “safeguarding our applications’ integrity and security” is paramount, and “adopting avant-garde solutions like OX is key to achieving this, ensuring our applications remain secure, dependable, and free from security worries for our patrons.” This strategy provided a comprehensive PBOM (Pipeline Bill of Materials), giving the organization a verifiable way to secure applications from initial commit through to cloud and runtime.
The Transformation
From Siloed Data to Code-to-Runtime Intelligence
The turning point for 888 Holdings was the platform’s ability to map risks back to the exact line of code, regardless of which global team owned it. This transformation enabled Vibe Security, a state where security and engineering operate in sync. The organization’s interaction with OX was heavily influenced by a shift in philosophy: “Guided by industry experts Neatsun Ziv and Lior Arzi, we discovered OX. Our interaction with OX was further influenced by 888’s approach to transforming dashboards from mere visibility tools to dynamic process enhancers.” This allowed the security team to identify production risks and resolve them at the point of origin before they could be exploited.
The Results
Global Alignment and Accelerated Resolution
The shift to an integrated, AI-native approach delivered immediate order and measurable operational gains for 888 Holdings:
- Centralized Global Visibility: Established a single source of truth for security across all international business units, effectively closing the visibility gap.
- Accelerated Remediation Cycles: By pinpointing risks at the source, the organization drastically reduced the time spent on manual triage and cross-team investigation.
- Eliminated Operational Noise: Automated prioritization removed the burden of chasing non-exploitable vulnerabilities, allowing teams to focus on high-impact security work.
- Streamlined Developer Experience: Integration into CI/CD pipelines empowered developers to own security at the moment of creation, reducing the volume of issues reaching production.
Key Takeaways
Strategic Lessons for Security Leaders
- Centralization is Mandatory for Scale: In a global organization, fragmented tools create blind spots that legacy scanners cannot close; only a unified control plane provides a clear picture of overall risk.
- Prioritize the Source, Not the Alert: To keep pace with modern engineering, security teams must move from detection to proactive risk elimination, solving issues before they leave the developer’s desktop.
- Context Empowers Decentralized Teams: Environment-aware intelligence is the only way to align global engineering units, ensuring every developer is focused on fixing what actually matters to the business.