fbpx
  • 770+ Endpoints discovered
  • ~300 Events detected/week
  • ~2000 API vulnerabilities discovered/secured

Executive Summary

This neobank is subjected to compliance and regulatory requirements. Working in such an industry, with strict regulations and with lots of sensitive data to protect, the team looked to bake an API Security Platform into their security practices.

The security team understood the priority that API Security must take in their security infrastructure, recognizing that finding an API Security platform at the outset of their journey provided the best opportunity to create a security infrastructure that would both scale with them and be easily maintained on a fixed budget.

With these concerns top of mind, this Neobank made adoption of an API Security platform a top priority.

Traceable provides the coverage, precision, and recall for the malicious actors it finds. From my perspective, the fine grained rules allow me total control of who gets in and who doesn’t, and the ability to suspend access when necessary. This level of control makes Traceable a very easy tool to use, I have the ability to immediately react to threats.

Head of Engineering and Data Sciences

Neobank

About , Head of Engineering and Data Sciences, Neobank

Company

This cross border neobank enables fair access to global financial products. Understanding that the needs of a global citizen with financial footprints in more than one country are different from those of local residents, our aim is to simplify their financial world.

Challenge
  • Identify a platform solution that will provide API security, baked into their processes from the start
  • Eliminate the need to build manual, in-house solutions
  • Fits within their infrastructure
Results
  • 770+ endpoints discovered
  • ~300 events detected in one week
  • ~2000 API vulnerabilities discovered/secured
  • ~2 million calls/day
  • Consistent identification of pen tests

The Challenge: Life Before Traceable

Baking-in an API Security platform

The team had prior experience in building home grown API protection solutions, and so when they went to launch their product, they knew they needed to solve for API Security and Protection without incurring the costs associated with building the solutions in house.

“We were just starting up, we had a small team, so it made more sense to find an API Security Platform, who specializes in monitoring and securing APIs, rather than build out solutions in-house.”

Avoiding manual, in-house solutions

The team did not want to have to dedicate man-hours to building difficult to maintain in-house solutions. They also knew that by going with a product that didn’t deliver detailed behavioral analytics and insights, they would still have to dedicate an excess of time to unraveling what those insights actually were.

“Traceable had a ready-made platform product and we went for it. We use the insights from Traceable to fix our API system.”

Finding something that fits the infrastructure

The team needed to find an API Security solution that would fit in with their infrastructure. With a stack that was initially in Python on Django, they needed a solution that would increase their coverage. Without this, any tool would be a nonstarter.

“We had specific requirements and Traceable’s team was accommodating. Over time they have worked with us to help increase the coverage across this tech stack, adding support for NGINX and parts within the ingress layer itself, we now get traces right from the ingress layer.”

The New Normal: Life After Deploying the Traceable platform

The Traceable platform provides value savings, allowing the Neobank to solve API Security concerns at scale without requiring an internal team to build and maintain their solutions.

According to the Head of Engineering and Data Sciences, determining that Traceable was the best platform to address their needs for total API Security protection was simple, “it’s actually built by people who understand how API observability works.”

“We got Traceable right about the time when we went live — It was not as a reaction to a problem. It was something we anticipated that we would need. We are a financial services provider and we wanted to get a solid platform, which can actually figure out anomalies and how someone is using our APIs, and that’s where Traceable came in”

Nuanced access controls and anomaly detection

With Traceable, the Neobank swiftly identified and prevented attempted data exfiltration, thanks to its comprehensive data collection and anomaly detection capabilities. By monitoring multiple APIs and user sessions, the team detected unauthorized access to sensitive data types and promptly blocked the malicious activity. Traceable also offers security suggestions and enables fine-grained access control, meeting the neobank’s expectations as a desired solution for proactive threat detection and response.

It provides me with fairly fine grained access to detect who is anomalous and then to control how to react to that.

Immediate, actionable insights with Traceable’s context-aware security approach

Traceable streamlines data insights on its Dashboard, enabling easy comprehension for all users without extensive data analytics expertise. The neobank team efficiently protects their APIs without the need for logging or labor-intensive data interpretation. With Traceable’s readily available context and alerts, they successfully detected and blocked data exfiltration, saving time on additional data analysis. Unlike previous observability tools that required manual effort, Traceable delivers actionable insights directly.

Consolidated security efforts equals time savings

The Neobank consolidated security efforts in the Traceable platform, democratizing data and security practices and significantly saving the team’s time. Traceable manages rate limiting and other security rules that would otherwise require internal development, enabling the team to focus on building a secure banking system. The partnership with Traceable facilitated API security and streamlined implementation processes.

“Traceable helped to secure our APIs, and we now implement a lot of things in Traceable.”

Traceable’s Market Experience and support a huge bonus

The Neobank benefits from Traceable’s market experience and support, learning from their experiences with other customers. The partnership is a natural fit, with the Neobank relying on the Traceable platform and support team for insights, guidance, and assistance in addressing malicious traffic. Traceable’s early warnings and validation contribute to faster issue resolution, such as with Log4J vulnerabilities, strengthening the ongoing partnership.

API Security Platform rounds out Data Security

Traceable’s API Security platform enhances the Neobank’s Data Security stack, working in synergy with other security tools to effectively identify, mitigate, and block malicious activity. It complements the well-defined security stack, addressing the API security aspect while other tools handle infrastructure, code, dependency, and container security. This integration ensures comprehensive protection and aligns with the team’s understanding of the importance of maintaining a robust security ecosystem. Traceable’s expertise, experience, and full-scale platform make it an essential component in the overall Application Security strategy.

 

 

 

API Security is an important part in the Appsec wheel, and Traceable helped us to secure that with expertise, experience, and a full-scale platform.

Head of Engineering and Data Sciences

Neobank

About us

Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, book a demo with a security expert.

Book a Demo