Signal Sciences > Case Studies > Defending Remitly's Digital Transactions with Signal Sciences

Defending Remitly's Digital Transactions with Signal Sciences

Signal Sciences Logo
Technology Category
  • Infrastructure as a Service (IaaS) - Private Cloud
  • Infrastructure as a Service (IaaS) - Public Cloud
Applicable Industries
  • Finance & Insurance
  • National Security & Defense
Applicable Functions
  • Quality Assurance
Use Cases
  • Traffic Monitoring
  • Transportation Simulation
About The Customer
Remitly is the largest independent digital remittance company headquartered in the United States. The company enables immigrant communities to send and receive money across borders more simply and at a lower cost. Remitly transfers over $5 billion in annualized volume from its customers in the United States, United Kingdom, Canada, and Australia to loved ones throughout the world. The company operates public facing endpoints and applications for their customers as well as private endpoints that are for internal employees.
The Challenge
Remitly, the largest independent digital remittance company in the United States, was faced with the challenge of protecting its proprietary global transfer network. The company needed a technology that could satisfy PCI requirements and protect customers’ sensitive transactions through its mobile application. Remitly deals with irregular traffic patterns, which posed a significant challenge. For instance, they once observed a spike in account transfers all happening from a small network segment on the Pacific coastline of South America. The company had to determine if this traffic indicated an attack or valid requests, and do so in real time. Allowing the traffic carried the risk that the transactions were malicious, requiring Remitly to reimburse the cost of the fraudulent transfers. A traditional web application firewall (WAF) would have no way of distinguishing this traffic, leaving customers frustrated if they chose to blacklist the IP.
The Solution
Remitly implemented Signal Sciences to instrument and defend their web applications and APIs. This solution was able to block malicious traffic and allow good traffic through from the same network range or IP. For instance, the spike in activity on the Pacific coastline turned out to be requests from their customers who earn their living out at sea. Signal Sciences provided the needed visibility to help the team determine these were legitimate requests, and not an attack. Remitly also needed a WAF for PCI compliance, but they wanted to protect the entire site and not just the portion of the application that deals with credit cards. Signal Sciences Power Rules allowed them to easily add in instrumentation and defense where they needed it without the complex regex rules found in other products. Furthermore, Signal Sciences provides a flexible architecture that allows them to get running in production and tie into their proxy layers for both private and public networks with ease.
Operational Impact
  • With Signal Sciences in place, Remitly was able to effectively defend their web applications and APIs without creating false positives or blocking their customers’ traffic. The solution provided the necessary visibility to distinguish between legitimate and malicious requests, even when they came from the same network range or IP. This was particularly useful in situations where there was a spike in activity, such as the one observed on the Pacific coastline. Furthermore, Signal Sciences Power Rules allowed Remitly to easily add in instrumentation and defense where they needed it, without the need for complex regex rules. The flexible architecture of Signal Sciences also allowed Remitly to tie into their proxy layers for both private and public networks with ease, thereby protecting all their applications and endpoints.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

Related Case Studies.

Contact us

Let's talk!
* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.