This neobank is subjected to compliance and regulatory requirements. Working in such an industry, with strict regulations and with lots of sensitive data to protect, the team looked to bake an API Security Platform into their security practices.
The security team understood the priority that API Security must take in their security infrastructure, recognizing that finding an API Security platform at the outset of their journey provided the best opportunity to create a security infrastructure that would both scale with them and be easily maintained on a fixed budget.
With these concerns top of mind, this Neobank made adoption of an API Security platform a top priority.
Traceable provides the coverage, precision, and recall for the malicious actors it finds. From my perspective, the fine grained rules allow me total control of who gets in and who doesn’t, and the ability to suspend access when necessary. This level of control makes Traceable a very easy tool to use, I have the ability to immediately react to threats.
Head of Engineering and Data Sciences
This cross border neobank enables fair access to global financial products. Understanding that the needs of a global citizen with financial footprints in more than one country are different from those of local residents, our aim is to simplify their financial world.
The team had prior experience in building home grown API protection solutions, and so when they went to launch their product, they knew they needed to solve for API Security and Protection without incurring the costs associated with building the solutions in house.
“We were just starting up, we had a small team, so it made more sense to find an API Security Platform, who specializes in monitoring and securing APIs, rather than build out solutions in-house.”
The team did not want to have to dedicate man-hours to building difficult to maintain in-house solutions. They also knew that by going with a product that didn’t deliver detailed behavioral analytics and insights, they would still have to dedicate an excess of time to unraveling what those insights actually were.
“Traceable had a ready-made platform product and we went for it. We use the insights from Traceable to fix our API system.”
The team needed to find an API Security solution that would fit in with their infrastructure. With a stack that was initially in Python on Django, they needed a solution that would increase their coverage. Without this, any tool would be a nonstarter.
“We had specific requirements and Traceable’s team was accommodating. Over time they have worked with us to help increase the coverage across this tech stack, adding support for NGINX and parts within the ingress layer itself, we now get traces right from the ingress layer.”
The Traceable platform provides value savings, allowing the Neobank to solve API Security concerns at scale without requiring an internal team to build and maintain their solutions.
According to the Head of Engineering and Data Sciences, determining that Traceable was the best platform to address their needs for total API Security protection was simple, “it’s actually built by people who understand how API observability works.”
“We got Traceable right about the time when we went live — It was not as a reaction to a problem. It was something we anticipated that we would need. We are a financial services provider and we wanted to get a solid platform, which can actually figure out anomalies and how someone is using our APIs, and that’s where Traceable came in”
With Traceable, the Neobank swiftly identified and prevented attempted data exfiltration, thanks to its comprehensive data collection and anomaly detection capabilities. By monitoring multiple APIs and user sessions, the team detected unauthorized access to sensitive data types and promptly blocked the malicious activity. Traceable also offers security suggestions and enables fine-grained access control, meeting the neobank’s expectations as a desired solution for proactive threat detection and response.
It provides me with fairly fine grained access to detect who is anomalous and then to control how to react to that.
Traceable streamlines data insights on its Dashboard, enabling easy comprehension for all users without extensive data analytics expertise. The neobank team efficiently protects their APIs without the need for logging or labor-intensive data interpretation. With Traceable’s readily available context and alerts, they successfully detected and blocked data exfiltration, saving time on additional data analysis. Unlike previous observability tools that required manual effort, Traceable delivers actionable insights directly.
The Neobank consolidated security efforts in the Traceable platform, democratizing data and security practices and significantly saving the team’s time. Traceable manages rate limiting and other security rules that would otherwise require internal development, enabling the team to focus on building a secure banking system. The partnership with Traceable facilitated API security and streamlined implementation processes.
“Traceable helped to secure our APIs, and we now implement a lot of things in Traceable.”
The Neobank benefits from Traceable’s market experience and support, learning from their experiences with other customers. The partnership is a natural fit, with the Neobank relying on the Traceable platform and support team for insights, guidance, and assistance in addressing malicious traffic. Traceable’s early warnings and validation contribute to faster issue resolution, such as with Log4J vulnerabilities, strengthening the ongoing partnership.
Traceable’s API Security platform enhances the Neobank’s Data Security stack, working in synergy with other security tools to effectively identify, mitigate, and block malicious activity. It complements the well-defined security stack, addressing the API security aspect while other tools handle infrastructure, code, dependency, and container security. This integration ensures comprehensive protection and aligns with the team’s understanding of the importance of maintaining a robust security ecosystem. Traceable’s expertise, experience, and full-scale platform make it an essential component in the overall Application Security strategy.
API Security is an important part in the Appsec wheel, and Traceable helped us to secure that with expertise, experience, and a full-scale platform.
Head of Engineering and Data Sciences
Traceable is the industry’s leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research.
With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors, understanding anomalies and blocking API attacks, enabling organizations to be more secure.