CASE STUDY | HIBBETT

Hibbett Scores with Cequence Security
API Discovery, Compliance, and Protection

“The Cequence Unified API Protection Platform is one of the key technologies that is enabling IT to become a much larger contributor to our company’s success.”
Lee Morris
Sr. Director of Security
and Infrastructure Architecture,
Hibbett Sports

A Highly Successful Athletic-Inspired Fashion Retailer

Hibbett has grown rapidly in both size and popularity since opening its first store in Alabama in 1945. The company distinguishes itself from other retailers with its wide network of convenient locations in smaller cities that aren’t typically served by the larger brand stores, its personalized customer service, and comprehensive access to coveted footwear, apparel, and equipment from the nation’s top brands. In addition to its vast network of retail outlets located across the United States, Hibbett also supports a large online presence. Hibbett’s loyal customers can choose between visiting stores located in their own communities, or the convenience of ordering products from the company’s website (hibbett.com).

Challenges
Needed better visibility into APIs to reduce the risk of data loss, theft, fraud, and business disruption

Looking for a solution that was easy to deploy, without the need for third-party tools

Wanted the ability to detect and remediate API vulnerabilities before moving new apps into production

“We see API breaches in the news all the time now, and this was an area where we really didn’t have enough insight. Cequence is enabling us to make sure our critical services are adequately protected before deployment, allowing us to continue to grow and prosper in the highly competitive sporting goods market.”  
Lee Morris
Sr. Director of Security
and Infrastructure Architecture,
Hibbett Sports

IT and Business Challenges 

Lee Morris has worked for Hibbett for over 30 years and is now the company’s Senior Director of Security and Infrastructure Architecture. “Security is no longer the department of ‘no’,” said Morris. “With all of the powerful technology solutions we have in place, we are now recognized as a business enabler.”
Hibbett relies on a hybrid IT environment for its retail and online operations. Several of the company’s critical services are supported on-premises, while others are now transitioning to the Oracle cloud, with a suite of SaaS products and Azure Identity Services. “Hibbett has gone from just a few API processes moving data between a couple of applications, to an environment where almost everything we do is through API communications,” said Stephen Scandrett, Senior Security Engineer at Hibbett Sports. “There’s a lot of data moving between all of our internal applications and external systems. Managing that communication from a security perspective is the ultimate priority for our team, given the importance of protecting our revenue stream, along with our proprietary and confidential customer information.”
Before implementing the Cequence solution, Hibbett was looking to strengthen their API security and bot management solutions. “We only have a modest number of APIs now, but that will increase rapidly as we move more of our infrastructure to the cloud,” explained Scandrett. “We needed a way to make sure everything was secure and built into the system before ramping up our API usage. We didn’t want to wait until it got beyond our control and became a headache to manage.”

Challenges
Gained the ability to easily discover and protect all internal and external APIs

Achieved a fast and seamless deployment, without needing third-party integration tools

Obtained multiple API protection features with just one, integrated solution

Increased data security by identifying and fixing API vulnerabilities before launch

Gained the ability to create custom policies for mitigating and blocking bot attacks

“Cequence provides so many API protection and mitigation features with just one tool, instead of having to purchase and integrate a suite of separate solutions from multiple vendors.” 
Stephen Scandrett
Senior Security Engineer,
Hibbett Sports 

Ensuring Availability

One of the IT team’s biggest challenges is protecting application availability during new solution deployments. “Everything needs to be operational 24×7, or it will have a negative impact on our business,” noted Scandrett. “Availability is a huge component of security, and I didn’t want any new security measures to affect our revenue streams or business partnerships in any way, shape, or form. We had to make sure any systems we implemented wouldn’t cause latency or throughput issues with our APIs or the data that’s transferred between them.”

Searching for a Way to Improve API Security

Morris and Scandrett started the search for an API protection solution by listening to peer reviews and reading industry analyst reports. They looked at the most recent Gartner Peer Insights data to identify the top API security companies.
Morris and Scandrett then created a list of the API security and bot management capabilities that were essential for their organization. “Discovery was the most important functionality for us because we had limited visibility into our internal and external APIs,” explained Scandrett. “The second criterion was the testing capabilities of the solution. Many of our APIs were developed in-house and we needed to strengthen the static and dynamic code analysis scanning to proactively identify vulnerabilities. We needed the ability to test all of our code and fix any issues before new applications were pushed out to production.”

Why Cequence Security?

After a thorough review of available offerings, including watching demos and attending several vendors’ presentations, Hibbett chose the Cequence Unified API Protection Platform. “Cequence was the only solution that met all of our criteria,” said Morris. “In addition to being named as an API protection technology leader in the industry analyst reports, Cequence had very positive customer reviews — not only for its API security products and capabilities, but for its high level of customer service as well.”
Another reason Hibbett chose Cequence was its out-of-the-box integrations with over 300 third-party APIs. “All of the other vendors’ solutions required some type of third-party tool to perform blocking actions for runtime protection,” Scandrett explained. “Whether a WAF or an API gateway, they all needed additional software to provide the necessary functionality. Cequence was the only vendor that was able to do everything we needed without requiring us to purchase and deploy any additional software.”

A Fast and Easy Deployment

The Cequence API protection solution was also very easy to deploy, requiring no changes to Hibbett’s on-premises, cloud, or SaaS infrastructure. Cequence was deployed fully on AWS with multiple Availability Zones and Auto Scaling groups, enabling Hibbett to scale up and down automatically as needed. Traffic flowed in through the customer CDN, into AWS Cloud, through Amazon Route 53 DNS service, and into one of several Availability Zones. Within the Availability Zones, traffic flowed through a public subnet containing application load balancers and into a private subnet with an Auto Scaling group. From there, traffic was directed by a network load balancer and into the customer environment. All of this occurred within the Cequence AWS Cloud instance, ensuring a simple and straightforward deployment. “All we had to do was make a quick public DNS change to route our traffic through Cequence,” explained Scandrett. “It was as simple as that. We didn’t have to change any of our internal coding, and we experienced no downtime or latency during the installation.”

Gaining Visibility into all APIs

Every API that Hibbett has is now going through Cequence. “One of the biggest benefits we’ve obtained with Cequence is the ability to identify all of our APIs and detect any flaws in our code before launching a new solution,” said Morris. “We see API breaches in the news all the time now, and this was an area where we really didn’t have enough insight. The Cequence Unified API Protection Platform is enabling us to ensure our critical services are adequately protected before deployment, allowing us to continue to grow and prosper in the highly competitive retail market.”

Saving IT Time and Accomplishing Multiple API Protection Goals

The Cequence solution has also eliminated the need for Hibbett’s security administrators to spend a lot of time on API management. “To put a number to the actual IT time savings we’ve obtained would have been impossible prior to deploying Cequence,” admitted Scandrett. “If we had attempted to do everything manually or seek out separate tools to accomplish what Cequence provides, it would have taken a huge amount of time. And even then, our efforts would have accomplished only a small portion of the work that Cequence can do as part of its comprehensive API protection solution.”

Creating Custom Policies for Mitigation

“Our security team works with Cequence’s threat intelligence professionals to create custom policies for mitigation and blocking bot attacks,” said Scandrett. “That’s another reason we chose Cequence. As far as I know, none of the other API protection vendors provide a 24/7 threat monitoring service. This visibility enables us to fine-tune our security policies based on threats that could potentially harm our operations. Knowing what’s out there and gaining the ability to proactively block malicious traffic is obviously helping us mitigate risk.”

Recommending Cequence to Others

When asked if he would recommend the Cequence solution to his peers, Scandrett replied, “Absolutely. Cequence is a great fit for any organization that doesn’t want to dedicate a lot of extra IT resources to deploying API protection using a mix of third-party tools. Cequence does everything we need in just one comprehensive, integrated tool.”

Final Thoughts

“At Hibbett, IT has been able to transform from being simply a cost center, to a strategic arm of the organization that is contributing to the bottom line,” concluded Morris. “We are now creating efficiencies in the processes that we couldn’t provide without the infrastructure and the systems we have in place. The Cequence Unified API Protection Platform is one of the key technologies that is enabling our IT security team to become a much larger contributor to our company’s success.”
