Team Traceable
Traceable Customer Story: How a Fintech Company achieved Context-Aware API Security to detect and block threats
Fintech: one of the industries hardest hit by the need for API security, addressing additional API security regulations, as well as heightened risk by their increased attack surface.
One of our Fintech customers discussed with us why they sought out an API security platform: what trends were occurring industry wide, and what their experiences were that led them to that point. In this blog, we’ll summarize their journey to Traceable, highlighting how they avoided manual, in-house solutions while achieving context-aware API security.
Highlights from the Case Study:
- 770+ endpoints discovered
- ~300 events detected in one week
- Discovered and secured ~2000 API vulnerabilities
- ~2 million API calls/day
- Consistent identification of pen tests
- Context-aware security prevents attempted data exfiltration
Solving for API Security within a complex infrastructure
As the team was building out their solution, they knew they needed to solve for API Security and Protection in order to properly provide for total data security, while minimizing the costs associated with such. Aware that solving for this in-house would be costly, cumbersome, and insufficient, they looked to bake API security in by selecting a platform API security service.
One of the biggest challenges was their own infrastructure, they needed a solution that would increase their API security coverage, and selected Traceable because of the flexibility offered.
“We had specific requirements and Traceable’s team was very flexible to work with us. Over time they have worked with us to help increase the coverage across this tech stack, adding support for NGINX and parts within the ingress layer itself, we now get traces right from the ingress layer.”
Traceable API Security Platform provides context-aware security, eliminating the need for time-consuming threat-hunting and data analysis
The Head of Security at the Company opted for Traceable because it is “built by people who understand how API observability works.” With Traceable, the company has fine-grained controls and the easy ability to detect anomalies and block potential threats.
Immediately after launching Traceable, the company uncovered attempted data exfiltration. Because the Traceable platform accumulates all data, the platform can provide context-aware security. In this case, Traceable observed multiple anomalous events, determining that a threat actor had accessed sensitive data. Immediately, the threat actor was blocked and the crisis averted.
“When Traceable has detected actors who have been trying to access the system or use the system in an anomalous pattern, we are alerted and immediately able to block them. Beyond that,Traceable also gives us suggestions about how to make some of the APIs more secure, helping us to mitigate vulnerabilities from the start.”
As a new company, the Company also benefited from Traceable’s market experience. The team relies on Traceable not just for the API Security platform, but on the support team for additional guidance and insights. Traceable acts as an extension of the team, helping the startup neobank to put its best foot forward with the limitations on resources common to startups.
Rounding out their data security with Traceable has proven to be straightforward – Traceable provides the API security they need in their stack, while promoting a synergistic flow between other security tools the company uses.
You can download the entire case study here.
About Traceable
Traceable is the industry’s leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors to understand anomalies and block API attacks, enabling organizations to be more secure and resilient. Learn more at traceable.ai.
