Seismic: Comprehensive and Continuous API Security

APIsec has significantly enhanced Seismic's API security testing capabilities, providing comprehensive coverage and real-time risk management. This collaboration has led to efficient deployment, rapid time to value, and substantial cost savings, proving the effectiveness of proactive and continuous API security measures in protecting sensitive data within the dynamic sales and marketing enablement industry.
Published: December 9, 2021

The Business Impact:

Less Expensive, More Effective Pen Testing

80% reduction over manual pen test costs across 500+ APIs

Vulnerability Detection Before Production

Expanded testing for business logic flaws, RBAC, ABAC, etc. immediately found flaws previously missed

Increased Dev & Sec Productivity

90% reduction in manual security testing time and 60% fewer security requests of developers

Tim Dzierzek

Director of Information Security

“APIsec provided exceptional support to us throughout the on-boarding and configuration stages. Their capabilities got us testing our APIs for a broad range of vulnerabilities in a very short period of time.”

About Seismic

Company: Seismic
Founded: 2010
Industry: Sales and Marketing Enablement
Mission: Our mission is our reason for being, and it encapsulates what we’re trying to accomplish as a company. A lot of thought, debate, and consideration went into selecting these three words. We ultimately selected “we” because our mission isn’t just one person or a faceless organization — it’s all of us together. “Ignite” is a dynamic word that has a cause and effect. And “growth” spans personal and professional; individual, team, and business; as well as revenue.

As a leader in sales and marketing enablement, Seismic transitioned from a browser-based application to an API-driven model to meet growing customer demands. This change required enhanced security measures to protect confidential client information.

Business Challenge: Expensive, Ineffective API Security

Seismic faced several challenges as they evolved to an API-driven model:

  • Managing new security risks associated with APIs.
  • Traditional scanners and manual penetration tests only cover 10-20% of APIs.
  • High costs of manual penetration testing, approximately $200,000 per year.

Despite frequent manual penetration tests, Seismic realized the need for a more comprehensive and cost-effective solution.

Key Challenges:

  • Addressing new security risks with the API-driven approach.
  • Reducing the high costs of frequent manual penetration testing.
  • Achieving broader API security coverage.

The Solution: Automated and Integrated API Security

Seismic partnered with APIsec to automate and enhance their API security. APIsec's AI-driven platform provided comprehensive security testing, revealing business logic flaws and other vulnerabilities.

APIsec's Contributions:

  • Initial API risk discovery scanning was completed in just 24 hours.
  • Seamless deployment into the staging environment without disrupting CI/CD workflows.
  • Continuous updating of attack vectors as APIs evolved.

APIsec automated the entire process, from onboarding APIs using the Swagger definition file to executing new attack vectors, and the API feature map was rebuilt with each update.

The Business Impact: A Wide Range of Vulnerabilities Revealed Rapidly, For a Fraction of the Cost

API Security Coverage:

  • Number of APIs covered: 500+
  • Frequency of automated tests: Continuous

Cost Savings:

  • Reduction in manual pen-testing costs: 80%
  • Annual savings: Approximately $160,000

Vulnerability Detection:

  • Number of vulnerabilities detected and remediated: 300+ in the first three months
  • Types of vulnerabilities detected: Business logic flaws, RBAC, ABAC, Application DoS attacks, injection flaws

Deployment Speed:

  • Time to deploy APIsec: <1 month
  • Initial API risk discovery time: 24 hours

Operational Efficiency:

  • Reduction in security-related testing needed: 90%
  • Number of actionable report findings: 10+ per month

Developer Productivity:

  • Time saved on security testing: 90% reduction in manual efforts
  • Reduction in developer security support requests: 60%

Compliance:

  • Compliance standards maintained: SOC2

Incident Response Improvement:

  • Reduction in the mean time to detect (MTTD) and mean time to respond (MTTR): 50%

Customer Confidence:

  • Increase in customer confidence: Measurable improvement in client feedback regarding data security

Sensitive Data Secure

“Our customers ask us what we are doing to protect their sensitive data on Seismic, and once they see what we have done with APIsec, their confidence in us grows.”
— Tim Dzierzek, VP of Information Security, Seismic

Cost-Effective Security

“With APIsec continuously working in our staging environment, we eliminated the need for dynamic scanning and costly manual penetration tests. APIsec paid for itself in just three months, providing enterprise-grade API security at a fraction of the cost.”
— Tim Dzierzek, VP of Information Security, Seismic

Proactive Security Coverage

“The APIsec team is a great partner to work with on the journey of securing our APIs. They partner with us to continue to increase the coverage and security of the API.”
— Tim Dzierzek, VP of Information Security, Seismic

Looking Ahead: Sustaining Security Excellence

Seismic is committed to maintaining and enhancing its API security practices by focusing on the following:

  • Expanding Testing Coverage: Broadening the scope of API security tests to cover new functionalities and services.
  • Enhancing Automation: Increasing automation in security processes to reduce manual intervention and accelerate response times.
  • Continuous Training: Investing in ongoing training for development and security teams to stay updated with the latest security practices and threats.
  • Collaborating with APIsec: Leveraging new features and updates from APIsec to enhance their security posture.

By prioritizing these areas, Seismic aims to maintain robust protection of their APIs, ensuring the highest standards of security and reliability for their customers.