Banking Leader

Skip to Primary Menu Skip to Utility Menu Skip to Main Content Skip to Footer

Get a Demo

Home / Case Studies /

Banking Leader

Download Case Study

Share this article

Industry

Financial Services

Employees

1,200

Based in

USA

The banking industry has undergone a significant transformation in recent years, driven by the adoption of application programming interfaces. This proliferation of APIs has enabled banks to leverage new opportunities, enhance customer experiences, and drive business growth.

APIs have played a crucial role in enabling seamless integration between different systems and applications within the banking ecosystem. By exposing their services and data through APIs, banks can now collaborate with third-party developers, fintech startups, and other financial institutions to create innovative solutions and expand their offerings. However, despite these clear advantages, exposing APIs doesn’t come without some risk.

API security risks can pose significant threats to the confidentiality, integrity, and availability of an application programming interface (API). These risks include unauthorized access, injection attacks, denial of service attacks, insecure data transmission, insufficient authorization and privilege escalation, lack of input validation, insecure storage of credentials, and inadequate logging and monitoring. Which is why this banking leader engaged with Noname Security.

Maintaining compliance

In the financial services industry, compliance with regulations is of utmost importance to ensure fair and transparent practices, protect consumers, and maintain the integrity of the financial system. Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations require financial institutions to verify the identity of their customers, assess potential risks associated with money laundering and terrorist financing, and report suspicious activities.

Additionally, Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards established by major credit card companies to protect cardholder data. And this is just the tip of the iceberg when financial regulations are concerned. So knowing what data is traversing through their APIs was of utmost importance to the customer.

They needed to understand, manage, and mitigate risk by improving the overall visibility of its API ecosystem – with emphasis on API discovery, data classification, vulnerability and anomaly detection. They also prioritized integration with their F5 production environment.

Uncovering their API footprint

The Noname API Security Platform provided visibility into API traffic transmitted to and from the customer network as well as within it. The Noname engine analyzed the traffic and discovered all of the customer’s APIs. Real-time traffic analysis identified new APIs and changes in existing APIs, and the data was recorded and updated in the customer’s dashboard.

Because the platform does not rely on agents or sidecars, and because it integrates with the cloud infrastructure, it sees every API regardless of whether the API is registered with an API gateway. Internal and external APIs, legacy APIs (those that predate the API gateway), and shadow or rogue APIs (those not routed through a gateway) were all discovered, providing the customer with unprecedented visibility into the API attack surface.

Looking ahead

The banking leader has a set of success criteria as it relates to the scope of API security. One of the areas we’re collaborating with the customer on is around rapid triaging. Ultimately figuring out how to analyze the severity of each finding, thus enabling the SOC to rapidly evaluate, triage and respond to an alert.