API Protection Between Financial Institutions



A large insurance company was introducing a new application platform where their digital insurance products were to be white-labeled to partner bank websites. APIs were the integration solution of choice. Trust, monitoring, and security were all high on all related parties’ agenda. RedShield was invited to perform a proof-of-concept.



RedShield was provided remote access to a test and dev environment. Pen test data was not provided; regardless, the RedShield implementation of a variety of security controls was to be measured and evaluated.

The RedShield proof of concept showed that malicious traffic in all target categories was blocked as expected and that performance of the site, as observed from 10 countries, was similar with and without RedShield in place. In addition, RedShield conducted a trial business process integration workshop to discuss and agree on the nonfunctional elements of the service and agree on service interlock. The entire process was completed in under a week and reports were delivered.

To date, risk acceptance has been way overused in our projects; with RedShield we don’t have to. They move really fast and their test-centric approach gives real confidence the issue is actually resolved.



The insurance company was impressed with both the process and the result. RedShield proved that easy integration into a multi-company environment, addressing both functional and nonfunctional concerns, was possible.

The rigor of RedShield's reporting, along with its staff experience, reputation and demonstrated process maturity, gave management confidence in RedShield. The deployment went well and the APIs were protected. Further pen tests revealed issues, some of which RedShield has addressed with custom shields, while others have been either remediated in code or functionally disabled at the customer’s choosing. RedShield experts continue to monitor the tools and systems 24/7, audit the application defenses weekly, respond to any customer queries and application updates, and provide monthly commented analyst reports.

February 24, 2020