API Sentinel ID’s All Published APIs, Provides Continuous API Security Visibility and Monitoring

June 17, 2020

Featured article by Jeff Steuart, Kelley Group Two

APIs are the “connective tissue” used in every application that an average user’s likely to touch. They’re used more heavily than ever before, according to Cequence Security’s Matt Keil. “Mobile and IoT devices, the adoption of containers and the move to decentralized or agile development are the driving forces behind the explosion in API usage.”

That’s one reason why API-focused attacks are increasingly popular with bad actors. Another is that organizations have poor or non-existent visibility into just how many APIs they have and where and how they’re used.

As a result, automated attacks like account takeover, fake account creation and scraping are routinely executed against APIs, and are often only discovered when users find their loyalty points have been stolen, or they are notified of suspicious activity.

Keil notes that APIs can also expose too much information when a request is made, or they can inadvertently grant a user elevated privileges (like an Admin), or they can expose API keys that grant access. “Organizations will often discover these types of attacks the hard way – when they are breached. By analyzing the APIs as they are published to discover these errors, API Sentinel can help eliminate the risks. Organizations struggle with the lack of visibility into their API footprint in the form of inventory, usage, risk and specification conformance.”

“Organizations typically spend more time focused on active attacks and breaches than they do assessing their code and environments for vulnerabilities and security gaps which are often hiding in plain sight. In most cases, they simply lack tools that can provide that level of visibility for APIs,” said Ed Amoroso, chief executive officer of TAG Cyber.

And those are some of the problems that API Sentinel by Cequence Security is built to solve.

“API security is the fastest growing segment of the security market today, but has been largely underserved by siloed point products that only address a part of the problem. The addition of API Sentinel to the Cequence Application Security Platform extends our API protection beyond automated bot attacks and API abuse to include discovery of API risks introduced by shadow publication, coding or non-conformance errors,” said Ameya Talwalkar, co-founder and chief product officer of Cequence Security. “Our end-to-end approach ensures that API security can be clearly understood and actioned across development, security, operations, and compliance teams.”

API Sentinel integrates with existing API management tools like gateways and proxies, and provides insights into the usage of each API needed to mitigate security vulnerabilities. Key capabilities:

- Continuous Risk Scoring: Assesses and assigns a numeric risk factor for each API based on strength of authentication used, presence of PII, PCI or other sensitive data, detection of unencrypted communication, and non-conformance to the OpenAPI specification.

- Runtime API Catalog and Usage Analysis: Automatically discovers all APIs, including managed and shadow APIs. Analyzes API usage and access, including geo-location, IP addresses and organizations. Provides a view into headers, parameters, and response codes with flexible time-based filtering.

- Schema Non-conformance Detection: Performs a runtime comparison of your inventoried APIs against an OpenAPI specification to uncover and flag API endpoints, headers, parameters and response codes as non-conformant. Discovered out-of-spec elements can be addressed by development, effectively mitigating security risks before they reach production.
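An illustration of the kind of runtime spec comparison the last bullet describes, added here and not Cequence's implementation. The spec fragment, traffic records and function names are constructed for the example, and it covers endpoints, methods, query parameters and response codes only.

```python
import re

# Constructed minimal OpenAPI 3 fragment (only the fields this check reads).
SPEC = {"paths": {
    "/users/{id}": {"get": {
        "parameters": [{"name": "id", "in": "path"}, {"name": "fields", "in": "query"}],
        "responses": {"200": {}, "404": {}}}},
    "/login": {"post": {"parameters": [], "responses": {"200": {}, "401": {}}}},
}}

# Constructed observed traffic: (method, path, query parameter names, status).
OBSERVED = [
    ("GET", "/users/42", ["fields"], 200),   # conformant
    ("GET", "/users/42", ["debug"], 200),    # parameter not in the spec
    ("POST", "/login", [], 500),             # response code not in the spec
    ("GET", "/internal/export", [], 200),    # shadow endpoint
    ("DELETE", "/users/42", [], 204),        # method not in the spec
]

def _template_regex(template):
    # Turn "/users/{id}" into a regex matching one path segment per variable.
    parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "$")

def find_nonconformance(spec, observed):
    """Return (kind, detail) findings for traffic the spec does not describe."""
    routes = [(_template_regex(t), t, ops) for t, ops in spec["paths"].items()]
    findings = []
    for method, path, params, status in observed:
        match = next(((t, ops) for rx, t, ops in routes if rx.match(path)), None)
        if match is None:
            findings.append(("shadow_endpoint", f"{method} {path}"))
            continue
        template, ops = match
        op = ops.get(method.lower())
        if op is None:
            findings.append(("undocumented_method", f"{method} {template}"))
            continue
        allowed = {p["name"] for p in op.get("parameters", []) if p["in"] == "query"}
        for name in sorted(set(params) - allowed):
            findings.append(("undocumented_parameter", f"{method} {template} ?{name}"))
        responses = set(op.get("responses", {}))
        if not responses & {str(status), f"{status // 100}XX", "default"}:
            findings.append(("undocumented_response", f"{method} {template} -> {status}"))
    return findings
```
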


API Sentinel discovers and analyzes all of the organization’s APIs to detect and mitigate security risks – Cequence Security.

“The Cequence team is committed to helping us enhance API security to protect our environments from potential bad actors. They helped bolster and protect our API security from all forms of risk,” said Ram Ravichadran, CTO of Narvar, a customer engagement platform used by more than 600 retailers and brands.

“API Sentinel fills a critical need so that security and development can collaborate to secure and protect today’s API-driven applications,” Amoroso said.

Cequence is conducting a webinar on API Sentinel Wednesday, June 24, 2020, 11 am PDT. Registration link: https://bit.ly/3fd3dHB

To register for a free trial of API Sentinel, visit: www.cequence.ai/api-sentinel.

 
