Need cloud computing? Get started now

Securing Travel Industry API Integrations at Dan Hotels

Luxury hotel chain with properties across Israel & India relies on API Security to secure its many travel industry API integrations

API Security’s ability to combine anomaly detection with threat hunting brings all of the insights we need to reduce risk together in one place, adding significant value to our organization.

Yossi Gabay, VP of Information Systems, Dan Hotels

The challenge of securing APIs

The Dan Hotels chain has many different API-based integrations supporting its internal business intelligence system, as well as a growing collection of external APIs with travel industry partners, including major travel websites like Expedia and Booking.com, online travel agencies (OTAs), and various other vendors and smaller agents. While many of these API functions are centralized in the company’s Silverbyte property management platform, the security team found that they lacked visibility into the specific ways that partners were accessing and interacting with its systems — or any ability to govern these activities. After a scare when two of the company’s travel partners were compromised, the team decided that a more sophisticated and proactive approach to API security was needed. “When we were investigating the incident with our partners, we realized how little control we have over how our APIs are used. It was clear that less secure partners could put our systems at risk,” says Yossi Gabay, Vice President of Information Systems, Dan Hotels. This experience increased the company’s sense of urgency to implement a more sophisticated set of API security capabilities.

Success factors of secure APIs

The Dan Hotels technology team faces many competing pressures on a daily basis, spanning cybersecurity and other critical operations functions. For this reason, they were looking for a solution that would reduce API risk without overwhelming the team with noise and manual effort. It was also important for the approach to extend beyond obvious attacks to cover more nuanced forms of API abuse originating from partners.

Why Dan Hotels selected API Security

API Security’s software as a service (SaaS) model allowed Dan Hotels to get an initial implementation running in a matter of hours. “It was a very easy integration without any unnecessary friction,” Gabay notes. “We weren’t overloaded with new tasks, so there wasn’t any interference with our daily operations.” Once the system was up and running, the API Security team collaborated with the Dan Hotels team to fine-tune the data sources and configuration to meet the company’s unique objectives.

Given the company’s focus on detecting abuse, API Security’s behavioral analytics capabilities set it apart from other options in the marketplace. The API Security platform was able to map the relationships between the hotel chain’s API users and resources, providing valuable context. “Rather than focusing solely on blocking attacks, API Security was able to help us understand what was actually happening and zero in on undesirable behavior that would otherwise go unnoticed,” Gabay says.

The Dan Hotels team was also very impressed with API Security’s ability to present large amounts of information about API activity and threats. “When you don’t have information, you can’t have a conversation or fix things,” Gabay explains. “As soon as you have an understanding of what an API is supposed to do and how this compares to what is actually happening, you can involve all of the relevant parties to fix any problems.”

While Dan Hotels has in-house security expertise, they see significant value in API Security’s managed threat hunting service. “Our team’s focus is often split between cybersecurity and supporting revenue-generating activities, so being able to engage a managed service that proactively alerts us when new API risks are identified is really important to us,” Gabay says. “It gives us access to people who are on the cutting edge of these API security issues, who are also very committed and easy to work with.”

About Dan Hotels

Dan Hotels is a luxury hotel chain based in Israel. The company manages over 4,000 rooms across 18 hotel properties in Israel and India, along with a diverse collection of other hospitality offerings such as airport lounges and catering.

About Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world’s most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai’s security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

Related Customer Stories

Security

City of San Juan

The City of San Juan improves and simplifies protection against malware, ransomware, and data exfiltration with cloud-based DNS firewall from Akamai.
Read more
Security

Texas School District

Large school district in Texas deploys microsegmentation from Akamai to protect east-west traffic
Read more
Security

ANA

ANA, the largest Japanese airline, deployed numerous Akamai solutions to ensure the performance, availability, and security of its digital presence.
Read more