Bullish reduces costs, increases efficiency, and enhances overall security posture with Traceable

Download Case Study
INDUSTRY
Financial Services
REGION
North America
Matt Presson
Chief Information Security Officer, Americas

Discover how Traceable automated Bullish's API security testing, reducing manual processes from weeks to hours, and how it enhanced API visibility and performance, safeguarding sensitive data and digital assets.

Executive Summary

Bullish is a regulated cryptocurrency exchange focused on serving institutional clients. As a digital asset platform, Bullish’s entire operation is built on APIs, which power all client interactions and trading activities. The security and performance of these APIs directly impacts client trust, operational integrity, and ultimately, the company’s bottom line. Any vulnerability in the API infrastructure could potentially expose sensitive data and digital assets, or disrupt trading operations, making robust API security critical. 

"API security testing before and after Traceable boils down to something very simple: manual versus automated." - Matt Presson, Chief Information Security Officer, Americas at Bullish

Bullish uses Traceable’s API security platform to proactively secure APIs and continuously manage API security posture. With Traceable, Bullish has a complete catalog of their organization’s APIs that automatically keeps up with the changes made by their development team. One of the most significant benefits Bullish has realized from implementing Traceable is the automation of API security testing. Prior to Traceable, Bullish's security team had to manually review API specifications and create test cases, a time-consuming and error-prone process. Traceable automates this by analyzing real-world traffic to generate relevant test scenarios, significantly reducing the time required for comprehensive API testing from weeks to hours. This proactive approach has dramatically improved Bullish's ability to maintain a robust security posture in their fast-paced, regulated environment.

Case Study Highlights

Company

Bullish is a regulated digital assets exchange that is making trading more rewarding and secure. The company primarily serves institutional clients and other serious traders. Bullish was built from day one with the objective of being an institutional-grade platform, and security is a critical part of that mission. 

Challenges

  • Getting visibility into internal (east-west) APIs
  • Keeping up with the rapid pace of API change and development, making it difficult to maintain testing and other security programs manually
  • API security testing was time consuming and error-prone, taking security engineers weeks to manually review API specs and create test cases

API Security with Traceable

  • Visibility and testing coverage for all APIs, including internal APis
  • Conformance analysis enables the security team to stay on top of new or modified APIs, by identifying deviations from API specs
  • Automatically configures test cases, reducing engineering time spent on testing from weeks down to hours
  • Enabled Bullish to scale API security testing across all internal and external APIs
“Partnering with Traceable was absolutely the right decision for Bullish. It gave us increased flexibility, increased observability in our systems, and really helped us streamline our processes, be more efficient, and save money.”