Vantiq Achieves Pre-Production API Security with APIsec

About Vantiq

Vantiq enables customers to build next-generation applications that combine real-world data and real-time events. Vantiq’s agile development environment allows complex applications to be created in weeks with minimal coding, taking full advantage of artificial intelligence (AI), Internet of Things (IoT) and edge computing. Vantiq is the power behind a broad array of applications for smart cities, smart buildings, oil and gas, telecom, healthcare and other industries.

The Challenge  

Vantiq’s unique role as dev environment and capabilities provider, but not ultimate application owner, gives then the opportunity and the challenge of becoming stewards of application security in a way that must exist during the development cycle and independent of the network environment where their customer’s applications will run. 

PEN testing would allow Vantiq to validate the security of their own platform and offer up a model that allowed for their customers to embrace a shift-left approach with security baked in from the start. But, 

a traditional, manual PEN testing model wouldn’t scale nor deliver at the speed needed to keep pace with modern development cycles. Vantiq needed an automated, continuous PEN testing solution that could dynamically generate and run tests across hundreds or even thousands of APIs with the least amount of friction to the development team.

“We use a lot of software in the construction of our planet. We have to make sure all that sphere, all of the elements making up that software, are all up-to-date and secure. It’s a monumental task to secure our supply chain,” said Paul Butterworth, Vantiq CTO and Co-Founder. “At Vantiq we’ve fully embraced the mindset that security is a central part of building good products. A significant amount of time and care from architecture to product design, etc. goes into ensuring strong security foundations from the start.”

The Solution

Vantiq chose APIsec as their automated PEN testing solution. With APIsec, Vantiq is able to deliver on their promise of “security by design” with proactive protection of their APIs through automated, continuous API penetration testing to uncover and remediate the security vulnerabilities and logic flaws that can lead to breaches and data loss.

The Results

Smooth Onboarding = Rapid Time to Value

“Traditional, manual PEN testing solutions wouldn’t work at Vantiq because of the time required for the creation and execution of manual tests. 

APIsec was able to rapidly onboard our APIs with no agents and no code insertion, analyze our APIs and dynamically generates thousands of attack playbooks. What would have taken weeks or months for manual PEN testing was accomplished in a matter of hours.”

Proactive, Shift-Left Security

Developers are security professionals. If you try to put a tool in their path that doesn’t fit their current process, it just doesn’t work. 

APIsec’s automated PEN testing solution works for Vantiq because it fits in seamlessly with our existing development process and tools. With APIsec, we’ve got a continuous feedback loop to validate we’ve succeeded in what we set out to do, and where we haven’t, we have the ability to proactively address it before production.”

‍