How Jobvite Eliminated API Sprawl with Traceable’s API Security Platform

How Jobvite Eliminated API Sprawl with Traceable’s API Security Platform

The rise of distributed applications and microservices has created a new attack surface. One which is not fully understood by many security professionals or addressed by existing solutions in the market. In order to properly solve for API security, companies require a platform that can discover all APIs, protect and block malicious attacks, and provide granular analytics for threat hunting and forensic research.

Security Engineers, especially, continue to face the consequences of API sprawl, and have found that they must prioritize API security if they want to help reduce risk in their organizations. This means the ability to discover all APIs and understand their risk posture, as well as prevent API attacks and therefore, potentially costly data breaches.

With Traceable, you can confidently discover, test and protect your APIs, quickly deploy, and easily scale to meet the needs of your organization. 

Continue reading to learn how we helped Jobvite do exactly that.

Our customer, Jobvite, found that Traceable’s API Security platform was the only answer to securing the overwhelming number of APIs in their cloud environment. 

In this blog, we’ll summarize Jobvite’s challenge of API Sprawl, and how choosing Traceable for their API Security platform enabled them to gain insight into potential security incidents while preventing and mitigating risks and malicious attacks.

What is API Sprawl?

When people think of software architecture, they often picture layers of code. But in recent years, there’s been a shift from this model—known as the monolithic approach—toward a more modular development style. This new approach, known as microservices, has given rise to a phenomenon known as API sprawl. 

When it comes to APIs, the challenge isn’t always obvious, and the attack types are more insidious. Most organizations simply do not know their current API inventory, and this is a major problem. 

The reality – there are thousands of APIs in organizations, running on multiple clouds, and they are growing each day. And considering the complexity of APIs and given increasing API Sprawl, most organizations simply don’t have visibility into how many APIs they have, where those APIs reside, and what those APIs are doing. 

The use of APIs isn’t slowing down, either.

According to Gartner:

• 94% of organizations use or are planning to use public APIs provided by third-parties; up from 52% in 2019. 
• 90% of organizations use or are planning to use private APIs provided by partners; up from 68% in 2019. 
• 80% organizations provide or are planning to provide publicly exposed APIs; up from 46% in 2019. 
• APIs are critical to the success of organizations’ digital transformation programs. In a Gartner survey, 70% of enterprises cited APIs as important to digital transformation and API Security as their top challenge.

Jobvite’s Journey to API Security

Jobvite is leading the next wave of talent acquisition innovation with a marketing-centric approach to recruiting. Jobvite’s Evolve Talent Acquisition Suite offers more breadth and depth in functionality than any other talent acquisition technology available in the market, addressing the entire hiring lifecycle.

Jobvite has built their recruiting suite contains over 50,000 APIs.

Jobvite’s Challenges

• Severe API Sprawl, and consequently, not able to fully assess attack surface risk.
• Protecting customers’ personally identifiable information
• Need to mitigate risk by calculating the threat probability and automatically preventing successful cyber attacks
• Minimize human intervention with a full API Security Platform
• Secure more than 50,000 APIs, spanning four core workloads hosted across Amazon Web Services, Microsoft Azure, and Google Cloud.

Jobvite’s Results

• Saved over 1000 engineering hours/year.
• Reduces rework and costs by identifying security flaws early in Jobvite’s CI/CD process.
  
• Quantifies and mitigates risk by calculating the threat probability and automatically preventing successful cyber attacks.
  
• Delivers rapid return on investment with an affordable application security solution requiring minimal human intervention.

The Bottom Line

With Traceable, Jobvite has the intelligence of their entire suite, tracking thousands of APIs and understanding which to prioritize, and which vulnerabilities require attention.  Traceable’s API Security platform provides the team with much needed efficiency, allowing them to stay ahead of security threats and to ensure protection of personally identifiable information.  Seeing beyond the information provided by simple application performance monitoring, they are able to get in front of vulnerabilities and attacks, proactively blocking any suspicious activity.   The detailed insights delivered strengthen their application security while saving the company time and money. “It brings us a return on investment that’s several orders of magnitude greater than any of the other options we considered,” says Ghose.

__

About Traceable

Traceable is the industry’s leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire software development lifecycle. Book a demo today.