Financial Services
Privately / Publicly Owned
Private
Employees
10,000+
Challenges
Solutions
This award-winning financial services organization is the largest bank in the country - holding close to one-third of the market share - and one of the largest in the Central American region. Over the past couple of years, the bank has expanded its international operations, now serving millions of private and corporate customers throughout 3 other countries in the region. The bank has been repeatedly named the most innovative bank in the country and consistently introduced new technologies and functionalities into its iOS and Android mobile banking and digital wallet applications to generate value and optimize user experience. Thanks to its strong and stable operations the bank generated a four-year average operating income of more than US$700 million in 2023 - despite adverse economic conditions.
“As our mobile banking and digital applications are the main channels for the majority of our customers’ day-to-day banking needs, we continually innovate ourselves to bring the best and most secure mobile banking experience to our customers. . We aim to not only meet but exceed the local and international regulatory compliance requirements"
– Head of Cybersecurity, Top 5 Central American bank
This Central American bank has always put security as a top priority and understood the importance of proper mobile application protection. Initially, they implemented some basic code obfuscation techniques on their Android and iOS mobile banking and digital wallet applications but soon realized that this DIY approach did not provide sufficient protection. Realizing this, they worked with a vendor who provides a cloud-based “zero coding” mobile application protection tool. Initially, they were happy with the tool as it was simple to apply and provided them with several new code obfuscation and runtime protection features to defend against tampering and reverse engineering attacks.
“While it was easy to implement and came with useful new features, the protected versions of our app often crashed. And since it was a cloud-based tool, we were not able to debug it ourselves. We had to constantly reach out to the support team to find out what went wrong and what needed to be done. To make it worse, they were slow to respond and the support quality was bad.”
— Head of Cybersecurity, Top 5 Central American bank
Unfortunately, the quality of the protection result that the wrapper-based tool provided was not consistent. The protected versions of the application often crashed, and given the vendor’s cloudbased approach the Central American bank was not able to do the debugging themselves. For each crash, they needed to open a ticket with the support team to troubleshoot the issues and figure out the solutions. However the support team was not able to provide a timely response and the bank found their support to be severely lacking. Additionally, the security team has also expanded their requirements to include mobile app security testing and monitoring, two tools that the previous vendor did not have.
“We needed a mobile application security vendor who could provide us with comprehensive mobile app security tools that are customizable and easy to use while providing robust security for our Android and iOS banking and digital wallet apps. We also want to have the confidence that we can always rely on the support team.”
— Head of Cybersecurity, Top 5 Central American bank
After conducting market research and consulting with their cybersecurity partner, Devel Group, the innovative Central American bank chose Guardsquare for its strong reputation in the industry and region and its comprehensive mobile application security product offerings. The security team found Guardsquare’s wide array of advanced code hardening and RASP features, along with the mobile application security testing platform and real-time threat monitoring dashboard to be the exact set of tools they needed to improve their overall security posture.
“After our experience with the previous vendor, our (security) team did more in-depth research to look for the best tool in the market. Guardsquare became the apparent choice after our partner, Devel Group, recommended it to us. We also found that another team within our larger organization was already in contact with the Guardsquare team, which reaffirmed our decision.”
— Head of Cybersecurity, Top 5 Central American bank
Unlike the previous vendor’s tools, DexGuard and iXGuard are compiler-based code protection tools that interweave layers of security controls straight into the Android and iOS application code, making it extremely challenging for threat actors to zero in on the protection. Guardsquare’s polymorphic approach automatically randomizes the semantics, locations, and structure of the security controls on each release, resetting the clock for the attackers. Guardsquare’s mobile application security testing product, AppSweep, helps developers quickly identify and solve security issues and dependencies in Android and iOS app code. While ThreatCast, a real-time threat monitoring dashboard, allows developers to gain insights into suspicious app users and behaviors in deployment. These insights can then be used to improve existing anti-fraud strategies as well as measure and refine your DexGuard and iXGuard protection configurations.
The leading Central American bank was able to seamlessly implement DexGuard and iXGuard, pass internal and external pentesting, and release the fully protected versions of their Android and iOS applications on time.
Thanks to the tools’ user-friendliness and high degree of customization, the development team was able to conveniently tune the intensity of the static and dynamic protection according to their use case, balancing between security, performance, and user experience. They were also very pleased with the quality and speed of aftersales and technical support Guardsquare provides.
“DexGuard and iXGuard offer the flexibility other solutions don’t offer. We were able to choose where, when, and how many checks are injected into our apps - allowing us to customize the protection configuration to our needs. The support team was very professional and helpful, whenever we needed assistance they were direct and quick to find the solution we needed. We also find the option of sanity check is very valuable to ensure that we have the configurations correctly.”
— Head of Cybersecurity, Top 5 Central American bank
The leading financial institution also integrated AppSweep throughout their development process to not only find security issues and dependencies early but also visualize the improvement of security before and after each DexGuard- and iXGuard-protected release. Using ThreatCast, they were able to maintain visibility on runtime threats their applications are facing during production in real time. Thanks to ThreatCast’s rich contextual metadata, the security team was able to figure out which parts of the code are the most frequently attacked, who the perpetrators are, and how they attempt to compromise the application’s integrity.
AppSweep’s in-depth actionable recommendations allow us to tackle vulnerabilities outside the scope of DexGuard and iXGuard. ThreatCast allows us to stay on top of all the threats our applications are facing. Overall, Guardsquare is a very involved vendor who really cares about its customers. They don’t just sell and forget.”
— Head of Cybersecurity, Top 5 Central American bank
Explore how Guardsquare can help improve your mobile app security
Request a DemoGuardsquare offers the most complete approach to mobile application security on the market. Guardsquare's software integrates seamlessly across the development cycle: from app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication.
More than 900 customers worldwide across all major industries rely on Guardsquare to help them identify security risks and protect their mobile applications against reverse engineering and tampering.