Customer Story: Fintech company reduces attack surface by 10x with Traceable's API Security Platform
Traceable Customer Story: Fintech company reduces attack surface by 10x with Traceable's API Security Platform
Fintech stands as one of the primary industries facing disastrous repercussions from unsecured APIs. Being highly regulated, Fintech companies face not only the threat of malicious attacks and PR backlash, but also heavy fines.We recently sat down with one of our Fintech customers to discuss their API security journey. Providing digital investment and transaction services, this Fintech company needed to solve for its rapidly expanding attack surface. In this blog, we’ll summarize their journey with Traceable, providing highlights about how they discovered and secured tens of thousands of APIs in a distributed ecosystem, eliminating manual methods in favor of automatic API cataloging and protection.
Highlights from the Case Study:
- 20,000+ API vulnerabilities detected
- 10x reduction in attack surface risk
- Discovered and secured 10000+ unknown API endpoints
- 5x faster MTTR
Like many Fintech companies, their rapid development of APIs was causing API sprawl, a phenomenon in which a company has abundant APIs of varying types, in varying locations. This makes it nearly impossible to track and control. When companies develop APIs rapidly, ad-hoc, it can spiral out of control. Since you can’t secure what you can’t see, this company knew they needed to solve for API sprawl in a scalable way.
Before Traceable, it took a minimum of 5x longer to parse through the data available. With Traceable, it’s pretty much drag and drop to a large extent and filter down to what you’re interested in. - Fintech Company
Download the full case study here:
Loss of Control and Limited Visibility equals unknown risk
Lacking visibility into their APIs, the team had no clue what data was flowing through them, indeed they had no insights into their endpoints. They completed manual logging tasks to satisfy the need to collect data, but there was no ability to parse through the data meaningfully, and they also were unable to access data maintained by their SOC. Most insights related to threat actor activity was confined to the SOC team, leaving the product security team scrambling to protect their APIs via manual, inefficient logging which “was just making sure that our logging requirements were met.”
“Now, not only do we have this kind of API visibility in general with Traceable, but we also understand what the traffic actually looks like from a behavior standpoint. Whether that’s good behavior, bad behavior, some gray area in between, the data feels more democratized. It’s also open and therefore other teams can also use it,”
This FinTech product security team had a WAF, but it offered limited visibility and restricted their access to the logs, routing them to the SOC team. They evaluated Contrast security, but found it lacked the feature rich capabilities of a full API Security platform. They similarly rejected Signal Sciences, concluding that it was more of a WAF, which was a problem they were trying to solve, not replicate.
Summary
The team selected Traceable because it offered the API Security platform solution they needed to secure their APIs across the API lifecycle. Providing full visibility for all security teams, the data did not require parsing and analytics to understand, enabling them to prioritize more quickly and efficiently.
About Traceable
Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, book a demo with a security expert.
The Inside Trace
Subscribe for expert insights on application security.