The Business Impact:
About Axos
Company: Axos
Founded: 2000
Industry: Banking and Financial Services
Mission: Born digital, we challenge the status quo by liberating you from the constraints of traditional banking. With technology-driven financial services that evolve to meet your needs, we help you stay ahead in life and business.
Axos, a leader in digital banking, offers a range of services, including mortgages, account openings, credit card services, and money transfers. As they expanded, ensuring continuous API security became critical to protect their extensive application ecosystem.
The Challenge: Achieve Continuous Validation of API Security Across a Complex and Vast API Ecosystem
Axos needed to address gaps in its security checks that left it vulnerable to API exploitation. Its quarterly, externally sourced pen testing was expensive and insufficient for complete API security coverage, and the 90-day intervals between tests left potential security flaws unaddressed for too long.
Key Goals:
- Achieving continuous API security coverage.
- Real-time validation of API security to promptly address potential threats.
Axos needed to address gaps in its security checks that left it vulnerable to API exploitation. Its quarterly, externally sourced pen testing was expensive and insufficient for complete API security coverage, and the 90-day intervals between tests left potential security flaws unaddressed for too long. Axos faced significant hurdles due to the sheer volume and complexity of its API ecosystem. With hundreds of applications ranging from mortgages to account services, each application varied in complexity and data requirements.
Key Challenges:
- Managing a vast number of applications with varying complexities.
- Finding security talent capable of addressing the diverse security needs of all applications.
- Ensuring internet-facing applications were secure against external threats.
With hundreds of developers working across numerous applications, it was virtually impossible to find security experts capable of handling the security demands for all apps.
The Solution: Automated and Continuous API Testing
Axos partnered with APIsec, the industry’s only automated and continuous API testing platform. APIsec’s AI-based platform pressure-tested the entire API network, ran continuous scans throughout development, and delivered detailed reports after each test.
Key Features Leveraged:
- Advanced testing of the entire network of applications.
- Continuous validation, including on-demand and new-release testing.
- Identification of vulnerabilities with actionable intelligence for developers.
- Integrated reporting to streamline development workflows.
The Business Impact
APIsec mitigated vulnerabilities and provided Axos with the necessary security coverage without disrupting their intricate applications and development processes.
API Security Coverage:
- Number of APIs covered: 700+
- Frequency of automated tests: Continuous, with tests at every build completion
Cost Savings:
- Reduction in manual pen-testing costs: 50%
Vulnerability Detection:
- Number of vulnerabilities detected and remediated: 300+ in the first quarter
Time to Remediate:
- Average time to remediate identified vulnerabilities: Reduced by 70%
Integration Efficiency:
- Time to integrate APIsec: <1 week
Operational Efficiency:
- Reduction in security-related disruptions: 40%
- Number of actionable reports generated: 150+ per month
Developer Productivity:
- Time saved on security testing: 30% reduction in manual efforts
Compliance:
- Compliance standards maintained: SOC II, GDPR, CCPA
Incident Response Improvement:
- Reduction in mean time to detect (MTTD) and mean time to respond (MTTR): 50%
Looking Ahead: Sustaining Security Excellence
Axos is committed to maintaining and enhancing its API security practices with a focus on the following:
- Expanding Testing Coverage: Broadening the scope of API security tests to cover new functionalities and services.
- Enhancing Automation: Increasing automation in security processes to reduce manual intervention and accelerate response times.
- Ongoing Training: Investing in continuous training for development and security teams to stay updated with the latest security practices and threats.
- Collaborating with APIsec: Leveraging new features and updates from APIsec to enhance their security posture.
By prioritizing these areas, Axos aims to maintain robust API protection and ensure the highest standards of security and reliability for its customers