API & Web App Protection for Financial Services

Take a protection-first approach to securing the APIs and applications that manage your customers’ sensitive data and financial transactions

Effectively Block Threats Targeting Financial Organizations

In late 2018, a midsize financial services organization started suffering from attacks that were persistent, relentless, and always evolving. After trying and failing to prevent attacks with a WAF, geo-blocking, automatic and manual IP blocking – the team was still struggling.

“We had to put in some Band-Aid(R) solutions that were not very effective. We were looking for a more proactive solution. We were spending a lot of weekends, late nights, and holidays managing these attacks. It seemed like these attackers would always take my Christmas Day, my New Year’s Day. I couldn’t sleep at night.”

In 2021, the financial service organization began the search for a more effective web application firewall (WAF) or Web application and API protection (WAAP) solution. The security analyst said, “We decided to test ThreatX, and right away, we saw instant results. Everybody was happy.” The results from the other vendors couldn’t match the level of protection the team saw from ThreatX, so they moved forward with ThreatX.

Read the full case study

What Our Customers Are Saying

“We look at our ThreatX dashboard and pinpoint whether attackers are just getting their feet wet, or really trying to exploit us. It’s a good visual because we can see clearly what to focus on. With other solutions, it was just an immediate block for anything that met a rule.”

Marco Escobar, Senior Director of Operations | Segpay

“Prior to ThreatX we would spend countless hours adjusting rules, and manually blocking countries and IP addresses when under attack. Now we let ThreatX take care of it and my team and I have our evenings and weekends back. The best part of working with ThreatX is the SOC that is keeping an eye on things and making recommendations and adjustments. The relationship and trust is important to our Credit Union and we have found an amazing partner in ThreatX.”

Steve Liu, Director of Information Technology | Selco Community Credit Union

“We had a site that was being targeted by a bot, attempting to log in with rotating usernames and passwords. However, this threat actor was crafting a properly formed interaction with the API. So, there was nothing malicious. It was using proper user agents and properly formed headers — nothing about it was out of the ordinary. ThreatX’s ability to recognize anomalies that indicate suspicious behavior is game-changing.”

Director of Security Architecture and Engineering | Global Marketing Company

“A behavior-based approach to security was very compelling for us. Threat interactions are monitored and ThreatX enables us to automatically identify and block potentially malicious and suspicious cyber behavior. We don’t have to specify the conditions or rules like we would in any other WAF, because the ThreatX solution continuously learns from what it observes.”

Joel Bruesch, Senior Director of Information Security | BMC Software

“It’s been easy to work with the SOC team…I feel, the team feels, like they’re an extension of our information security team. Before, I would get all these text messages, at two in the morning or three in the morning. And it was never fun. I felt like I worked 24 by 7, nonstop, not just being on call. I just felt like we were working seven days a week. So, this past Thanksgiving was actually the first holiday that I felt I could actually enjoy with my family.”

Information Security Analyst | Large Financial Services Organization
Solutions

Immediately Protect Sensitive Customer Data

Secure your layer-7 APIs and Web applications with real-time detection and blocking against complex attacks.

It’s great to build APIs and Web applications as secure as possible from the start but that’s not always an option, particularly for the legacy apps and APIs that many financial organizations have relied on for years. Defending your perimeter in depth has become table stakes but finding the right partner that secures the full spectrum of your layer 7 traffic from nearly any threat is really hard – but that’s why ThreatX exists.

We protect our customers from threats like:

  • Credential Stuffing
  • DDoS Attacks
  • OWASP Top 10 Threats
  • API Abuse
  • Botnets and Bot Armies
  • Account Takeovers
  • SQL Injection
  • Zero Day Vulnerabilities

Find out more about how ThreatX can help effectively protection Open Banking and Financial APIs by reading ThreatX’s Financial Services data sheet

Meet PCI Requirements Consistently and Efficiently

Secure all systems that manage your customers’ personal identifiable and cardholder data while reducing the burden of maintaining compliance.

ThreatX helps you meet PCI requirements, but also improves the overall security of application and cardholder data while reducing the burden of maintaining compliance.

This includes:

  • Requirement 6: Develop and Maintain Secure Systems and Software
  • Requirement 1: Install and Maintain Network Security Controls
  • Requirement 5: Protect All Systems and Networks from Malicious Software
  • Requirement 10: Log and Monitor All Access to System Components and Cardholder Data

Get the full details on PCI DSS 4.0

Detect and Block Malicious Bots

Comprehensive coverage that scales against large, volumetric botnet attacks.

ThreatX provides critical visibility on bot-based attacks by using application profiling, IP interrogation, entity fingerprinting, and risk attribution to distinguish if malicious requests are being customized from a sophisticated attacker or automated by a distributed botnet. This combination of bot detection techniques and application intensity analysis, means ThreatX can reveal a wide range of automated attacks such as ATO, credential stuffing, reputation attacks and more

Get comprehensive protection against:

  • Brute force Attempts
  • TCP Attacks
  • HTTP Flooding
  • Spoofing
  • Ping of death
  • Smurf
  • Teardrop
  • Zero-Day DDoS Attacks and more…

Check out ThreatX’s approach to DDoS Protection & Bot Management

Ditch the Headaches of Legacy WAFs

Risk-based blocking ensures confidence that threats are blocked while maintaining low false positives and legitimate users are never locked out

ThreatX goes far beyond signatures and anomaly detection with behavior-based analytics to identify and track malicious entities even as traits such as IP addresses and user agents change. This lets us track a complete picture of an entity’s attack attempts and risk so that enforcement is both highly accurate and laser-focused on what matter the most.

Benefits of this approach include:

  • Fewer false-positives
  • Fewer custom rules
  • Less time managing and mitigating rule conflicts
  • Less time spent documenting rulesets
  • Less resource requirements when FTEs change over

Learn more about our single risk engine or our attacker-centric behavioral analytics

A Unified API & Web Application Protection Platform

Secure the APIs and Web apps that manage Financial Transactions

Real-Time Detection & Blocking Against Attacks


ML & AI to Power Behavior-Based Single Risk Engine


Bot Protection & Mitigation


24X7 Managed SOC Operations & Onboarding Support


Zero-Day Protection


Visibility Into Your Entire API & Web Attack Surface