Vantiq Achieves Pre-Production API Security with APIsec
The Business Impact:
Security Assurance for Platform Customers
Customers get pen test reports for every release for compliance
Cost Savings
Less than the cost of a single penetration test for continuous, complete API testing
.svg)
Increased Developer Productivity
50% reduction in developer security support requests and 35% reduction in manual efforts on security testing
Paul Butterworth
.webp){kind=small}
“We use a lot of software in the construction of our planet. We have to make sure all that sphere, all of the elements making up that software, are all up-to-date and secure. It’s a monumental task to secure our supply chain. At Vantiq we’ve fully embraced the mindset that security is a central part of building good products. A significant amount of time and care from architecture to product design, etc. goes into ensuring strong security foundations from the start.”
About Vantiq
Company: Vantiq
Founded: 2015
Industry: Software Development
Mission: At Vantiq, our mission is to revolutionize how organizations leverage their data to drive impactful, real-time intelligence for increased productivity and efficiency.
Vantiq provides an agile development environment that allows for the rapid creation of complex applications with minimal coding. Their platform powers a wide range of applications across industries such as smart cities, healthcare, telecom, and more.
Business Challenge
Vantiq's role as a development environment and capabilities provider presents unique security challenges. They needed to ensure application security during the development cycle, independent of the network environments where their customers' applications would ultimately run.
Key Challenges:
- Validating the security of their platform.
- Enabling customers to adopt a shift-left security approach.
- Scaling security testing to match modern development cycles.
- Reducing friction for development teams.
Vantiq needed an automated, continuous penetration testing (PEN testing) solution that could dynamically generate and run tests across hundreds or thousands of APIs with minimal disruption to development.
The Solution
Vantiq selected APIsec as their automated PEN testing solution to ensure "security by design." APIsec provides proactive API protection through continuous penetration testing, identifying and addressing security vulnerabilities and logic flaws before they can lead to breaches or data loss.
Features of APIsec:
- Automated, continuous PEN testing.
- Rapid onboarding of APIs without agents or code insertion.
- Dynamic generation of attack playbooks.
The Business Impact
API Security Coverage:
- Number of APIs covered: 1000+
- Frequency of automated tests: Continuous, including on-demand and new release testing
Cost Savings:
- Reduction in manual pen-testing costs: 60%
Vulnerability Detection:
- Number of vulnerabilities detected and remediated: 250+ in the first month
Deployment Speed:
- Time to integrate APIsec: <1 week
- Initial API risk discovery scanning time: 24 hours
Operational Efficiency:
- Reduction in security-related disruptions: 45%
- Number of actionable reports generated: 200+ per month
Developer Productivity:
- Time saved on security testing: 35% reduction in manual efforts
- Reduction in developer security support requests: 50%
Compliance:
- Compliance standards maintained: Industry-specific standards (e.g., GDPR, CCPA, SOC II)
Incident Response Improvement:
- Reduction in mean time to detect (MTTD) and mean time to respond (MTTR): 55%
Smooth Onboarding = Rapid Time to Value
“Traditional, manual PEN testing solutions wouldn’t work at Vantiq because of the time required for the creation and execution of manual tests. APIsec was able to rapidly onboard our APIs with no agents and no code insertion, analyze our APIs, and dynamically generate thousands of attack playbooks. What would have taken weeks or months for manual PEN testing was accomplished in a matter of hours.” ~Paul Butterworth, CTO, and Co-Founder, Vantiq
Proactive, Shift-Left Security
“Developers are not security professionals. If you try to put a tool in their path that doesn’t fit their current process, it just doesn’t work. APIsec’s automated PEN testing solution works for Vantiq because it fits in seamlessly with our existing development process and tools. With APIsec, we’ve got a continuous feedback loop to validate we’ve succeeded in what we set out to do, and where we haven’t, we have the ability to proactively address it before production.” ~Paul Butterworth, CTO, and Co-Founder, Vantiq
Looking Ahead: Sustaining Security Excellence
Vantiq is committed to continuously improving its API security practices by focusing on the following:
- Expanding Testing Coverage: Broadening the scope of API security tests to cover new functionalities and services.
- Enhancing Automation: Increasing automation in security processes to reduce manual intervention and accelerate response times.
- Continuous Training: Investing in ongoing training for development and security teams to stay updated with the latest security practices and threats.
- Collaborating with APIsec: Leveraging new features and updates from APIsec to enhance their security posture.
By prioritizing these areas, Vantiq aims to maintain robust API protection and ensure the highest standards of security and reliability for its customers.
