Traceable AI Addresses Newest FFIEC Compliance Guidelines
January 12, 2023

Traceable is providing the necessary API security measures to enable FDIC-insured financial institutions to meet the latest Federal Financial Institutions Examination Council (FFIEC) cybersecurity compliance mandates.

On October 3, 2022, the FFIEC announced a significant update to meet cybersecurity mandates for financial institutions. This update explicitly calls out APIs as a separate attack surface in regulatory guidelines that represents a significant shift in compliance trajectories, and highlights the increased threats that APIs pose. The FFIEC specifically created these new guidelines prompting financial institutions to inventory APIs as part of their overall inventory of information systems and risk assessments. For example, banks utilize APIs with their digital banking services and information system access points, making the sharing of data easier, and the customer banking experience better. However, as a top attack vector, APIs, when not carefully identified and secured, can be compromised in seconds – putting businesses and their customers’ sensitive data at significant risk.

“This year will be a reckoning for financial institutions. With an average of three banking-related APIs connected to customers, now is the time to understand your APIs and act immediately to protect your data and your customers,” said Richard Bird, Chief Security Officer at Traceable. “We have been working with large financial institutions to assess their APIs, enabling them to fully understand their threat posture. Most are shocked by the results. This initial shock is certainly the trigger for them to get a comprehensive picture of the APIs they have – current and legacy as well as internal and external. Knowing this enables them to act immediately.”

APIs are now the primary attack vector for data breaches, and Traceable is working closely with the top financial institutions to enable them to take the first step in securing their APIs - as required by FFIEC. Traceable discovers and identifies all APIs - internal, external, third-party and partner APIs, with its data-rich catalog, for comprehensive and real-time visibility into clients’ entire API ecosystem and API sprawl.

With Traceable’s approach, financial institutions can immediately:

- Take Continuous API Inventory: Instantly identify and catalog all APIs in your environment including internal, external, third-party and partner APIs. API types include GraphQL, SOAP, HTTP, RESTful, XML-RPC, JSON-RPC, and gRPC, and more.

- Understand API Risk Posture: Traceable provides a security risk score to every API, which allows organizations to determine which APIs are most vulnerable to abuse by collecting data on runtime details such as sensitive data flows, API call maps, API usage behavior, user details, event details, threat activity levels, and more.

- Identify Sensitive Data Exposure: Since APIs potentially expose highly sensitive information, and transmit that data from internal APIs to third-party applications, it is imperative to know the sensitive data flow end-to-end, to understand the level of exposure.

- Benefit from Automatic Conformance Scanning and Analysis: An important part of API discovery and inventory of APIs, is knowing if development specs match the APIs that are implemented in production environments.

This can all be accomplished with Traceable’s flexible data collection and deployment options, including the option of deploying 100 percent on-premise in an air-gapped model, or SaaS, or hosted in your own AWS, GCP, and Azure cloud.

Share this

Industry News

March 30, 2023

CloudBees announced the integration of CloudBees’ continuous delivery and release orchestration solution, CloudBees CD/RO, with Argo Rollouts.

March 30, 2023

amazee.io, a Mirantis company, announced that its fully-managed application delivery platform is available in AWS Marketplace.

March 30, 2023

env0 secured an additional $18.1 million of funding to conclude its Series A investment round with a total of $35.1 million.

March 29, 2023

Planview announced a new strategic collaboration with UiPath. The integration is designed to fuse the UiPath Business Automation Platform with the Planview Value Stream Management (VSM) solution Planview® Tasktop Hub.

March 29, 2023

Noname Security announced major enhancements to its API security platform to help organizations protect their API ecosystem, secure their applications, and increase cyber resilience.

March 28, 2023

Mirantis announced the latest version of Mirantis Container Cloud -- MCC 2.23 -- that simplifies operations with the ability to monitor applications performance with a new Grafana dashboard and to make updates to Kubernetes clusters with a one-click “upgrade” button from a web interface.

March 28, 2023

Pegasystems announced updates to Pega Cloud supported by an enhanced Global Operations Center to deliver a more scalable, reliable, and secure foundation for its suite of AI-powered decisioning and workflow automation solutions.

March 28, 2023

D2iQ announced the launch of DKP Gov, a new container-management solution optimized for deployment within the government sector.

March 28, 2023

StackHawk announced the availability of StackHawk Pro and StackHawk Enterprise for trial and purchase through the Amazon Web Services (AWS) Marketplace.

March 27, 2023

Octopus Deploy announced the results KinderSystems has seen working with Octopus. Through the use of Octopus, KinderSystems automates its software deployment processes to meet the complex needs of its customers and reduce the time to deploy software.

March 27, 2023

Elastic Path announced Integrations Hub, a library of instant-on, no-code integrations that are fully managed and hosted by Elastic Path.

March 27, 2023

Yugabyte announced key updates to YugabyteDB Managed, including the launch of the YugabyteDB Managed Command Line Interface (CLI).

March 23, 2023

Ambassador Labs released Telepresence for Docker, designed to make it easy for developer teams to build, test and deliver apps at scale across Kubernetes.

March 23, 2023

Fermyon Technologies introduced Spin 1.0, a major new release of the serverless functions framework based on WebAssembly.

March 23, 2023

Torc announced the acquisition of coding performance measurement application Codealike to empower software developers with even more data that increases skills, job opportunities and enterprise value.