ThreatX Introduced Quick Start Program for API Protection

ThreatX has introduced the API Protection Quick Start Program, which is designed to aid organizations in better protecting their APIs by quickly deploying real-time protection against botnet, DDoS, and complex, multi-mode attacks.

APIs are a gold mine for attackers because they allow applications to share data and are increasingly being used to streamline communication between consumers and business partners. As a result, API adoption has outpaced security teams’ ability to protect against threats, leaving the connected systems vulnerable. While some vendor offerings claim to provide complete API security, they frequently lack bot protection and real-time blocking capabilities, leaving customers vulnerable to threats.

Billy Toomey, Vice President of Sales at ThreatX commented, “We’ve seen firsthand that security teams are struggling to understand how to protect their organization’s APIs against real-time threats, and they’re often trying to do so with scarce time, resources, and human power. We’re thrilled to launch this program, and are confident it will empower small, midsized, and enterprise customers to begin building their API security programs with the full support of ThreatX SOC.”

ThreatX Quick Start program helps businesses get started with API protection by allowing them to build their API security program without putting their resources at risk. The program provides real-time monitoring and blocking of API attacks, allowing protection without the need for additional tools or attack data that must be analyzed after the fact. The fully managed program offers customers support from ThreatX Security Operations Center (SOC), which offers 24/7 coverage and expertise.

Read more articles:

API Security Should Be Your Priority in 2022

Neosec Launched ShadowHunt For API Security

Neosec launched ShadowHunt, a managed threat hunting service staffed by experts, to supplement its platform with human oversight from active threat hunters to identify the most hidden and obfuscated API abuse. Neosec’s SaaS platform discovers all APIs, analyzes their behavior, audits risk, and eliminates threats lurking within. It brings together security and development teams to protect modern applications at scale from threats.

Neosec applies threat hunting techniques like those used in EDR and XDR to API security. ShadowHunt provides security teams with the assurance that API security experts are investigating unusual behavior on their API estate.

Giora Engel, co-founder, and chief executive officer of Neosec stated, “The increasing potential for insiders or attackers to utilize business APIs for criminal or malicious gain requires a new level of scrutiny and sophistication. The new ShadowHunt service augments our platform with an expert team to monitor API usage and hunt for fraud, abuse, or critical vulnerabilities without any drain on an organization’s existing security team.”

Organizations can manage the growing risk of manipulation, theft, and misuse of core business systems, assets, and data by combining the ShadowHunt service with the Neosec cloud-based platform. Because APIs are increasingly used to connect important business systems to customers, suppliers, and partners, the service is ideal for companies where security teams are understaffed or lack the expertise required to identify threats in business API traffic.

The Neosec platform handles API vulnerabilities by automatically and continuously identifying all APIs in use by a company, assessing their risk posture, and monitoring user behavioral anomalies that could involve data theft or other misuses. Most businesses do not have a complete API inventory, let alone an understanding of the nature of typical API usage. The ShadowHunt service can now supplement the use of the Neosec platform with a team of experts to respond quickly to findings, investigate potential threats, and recommend immediate remediation and actions.

The ShadowHunt service and the Neosec platform work together to provide a quick way to incorporate full monitoring and investigation of anomalous business API usage without interfering with existing security operations or team workload. The combination can quickly and transparently add protection against vulnerability exploits and API business abuse.

Read more articles:

API Security Should Be Your Priority in 2022

API Security Should Be Your Priority in 2022

API security represents the application of any security best practice to APIs, which are widely used in modern applications. API security encompasses API access control and privacy, as well as the detection and remediation of API-related attacks such as API reverse engineering and the exploitation of API vulnerabilities.

Whether an application focuses on consumers, or anyone else, the client-side (mobile app or web app) interacts with the server-side via Application Programming Interface (API). APIs make it simple for a developer to create a client-side app. APIs enable microservice architectures as well.

An attack on API could include bypassing the client-side application to disrupt the operation of an application for other users or to compromise private information. API security is concerned with securing this application layer and addressing what might happen if a malicious hacker interacts with the API.

According to Infosecurity Outlook, “by 2023, API abuses will be the most common attack vector resulting in data breaches for enterprise web applications. To avoid these attacks, it is best to take a continuous approach throughout the API development and delivery cycle, designing security into APIs.”

Features of API Security

API security is concerned with securing the APIs that you expose directly or indirectly. API security is less concerned with the APIs you use that are provided by third parties, though analyzing outgoing API traffic, one can get valuable insights that can be used whenever possible.

It’s also worth noting that API security as a practice involves several teams and systems. API security includes network security concepts like rate limiting and throttling, as well as data security, identity-based security, and monitoring.

Technology advancements such as cloud services, API gateways, and integration platforms enable API providers to secure APIs in novel ways. The technology stack you use to build your APIs has an impact on, how secure they are.

Larger organizations have different departments, and they can develop their own applications using their own APIs. Large organizations also end up with multiple API stacks or API silos because of mergers and acquisitions.

As we know, API security requirements can be directly mapped to the technology of a single silo when all your APIs are contained within it. In the future, these security configurations should be portable enough to be extracted and mapped to another technology.

However, in heterogeneous environments, API security rules are typically defined using API security-specific infrastructure that operates across these API silos. The connectivity between API silos and API security infrastructure can be achieved by using the sidecars, sideband agents, and APIs integrated between cloud and on-premises deployments.

API Discovery

There are numerous barriers that prevent security operatives from having full visibility into all APIs exposed by their organization. API silos reduce API visibility by providing only a subset of APIs under disconnected governance.

API discovery is a tussle between API providers and hackers who will easily exploit the APIs once discovered. API traffic metadata can be used to locate APIs before they are discovered by attackers. This information is extracted from API gateways, load balancers, or directly inline network traffic, and then fed into a specialized engine that generates a useful list of APIs that can be compared to API management layer catalogues.

OAuth and API Access Control

To limit API resources to only those users who should be able to access them. The user, as well as any applications acting on their behalf, must be identified. This is typically accomplished by requiring client-side applications to include a token in API calls to the service, which can then validate that token and retrieve user information from it. OAuth is the standard that describes how a client-side application first obtains an access token. OAuth defines numerous grant types to accommodate different flows and user experiences.

API Data Governance and Privacy Protection

API leaks occur because data flows through APIs. As a result, API security must also include inspecting the structured data flowing into and out of your APIs and enforcing rules at the data layer.

Because data in your API traffic is structured predictably, enforcing data security by inspecting API traffic is an excellent choice for this task. API data governance, in addition to [yes/no] type rules, allows you to transform the data structured into your API traffic in real-time for redaction purposes. This pattern is commonly used to redact specific fields that may contain information that a user’s privacy settings dictate should be hidden from the requesting application.

API Threat Identification

API threat detection is a logical extension of general threat protection measures. APIs, for example, are frequently protected by a firewall, which provides some basic security. APIs are sometimes protected by a web application firewall (WAF). A WAF may scan API traffic to detect signature-based threats such as SQL injections and other injection attacks. API gateways also play a role in API-specific threat detection. A gateway may impose a strict schema on the way in as well as general input sanitization. In addition to acting as a policy enforcement point, it will look for deep nesting patterns, and XML bombs, and apply rate limits.

API Analytics and Behaviour

An AI engine can build models for what normal API traffic looks like using API traffic metadata and then use this model to look for anomalous behavior. These anomalies can aid in the detection of ongoing attacks, but they can also indicate system misbehaviors and other non-malicious disruptions to your services, such as friendly fire. Such a layer can pinpoint the source of this attack or misbehavior by analyzing API traffic metadata, and this information can then be used to cease the incident in progress and fix it.

Conclusion

APIs are highly regarded targets for malicious actors and are expected to become the primary attack. APIs require a dedicated approach to security and compliance due to the critical role they play in digital transformation and the access to internal sensitive data and systems they provide.

Read more articles:

What is API Security?

ThreatX Collaborates with Distology

ThreatX enables enterprises to detect and respond to sophisticated threats to their APIs and web applications by combining AI and machine learning capabilities along with comprehensive managed services. ThreatX has announced a partnership with Distology which is a leading cloud security distributor in the United Kingdom and other European markets. ThreatX will be able to deliver its API protection platform and managed services at scale through this partnership with Distology. ThreatX will gain from Distology’s extensive outreach, knowledge, and strong relationships covering the United Kingdom, Ireland, and Benelux markets.

Dave Howell, CMO at ThreatX commented, “Distology will jumpstart ThreatX’s expansion into the U.K. and neighboring European markets. When choosing partners, Distology identifies and evaluates products that it considers to be ‘best of breed,’ and our solution meets, and exceeds, these criteria. We are thrilled to offer our solution in both new and existing markets as we continue to build upon our tremendous start to 2022.”

ThreatX’s success is strong and the partnership with Distology is evident of that, the company reported record-breaking growth in the first quarter of calendar 2022 alone, with record new business bookings and increased average revenue per customer. In addition, the company recently expanded and improved its API protection capabilities to provide customers with better protection and visibility into their API attack surface.

Billy Toomey, VP of Sales, ThreatX stated, “Distology is one of the most thoughtful and strategic security software distributors I’ve encountered. Rather than focus on transactional relationships, the Distology team builds deep, and meaningful, partnerships centered on solving customer problems, I’m excited for our partnership and believe this is truly a win-win for both companies, as Distology offers its partners the unique ability to help customers both identify and stop attacks on APIs in real-time.”

ThreatX’s API protection platform protects APIs from all threats, including DDoS attempts, bot attacks, API abuse, exploitation of known vulnerabilities, and zero-day attacks. ThreatX protects APIs for businesses in every industry around the world effectively and efficiently.

Read more articles:

API Security?

Cloud Security?

Neosec raises $20.7 Million in Series A Funding To Protect APIs Against Business Abuse And Data Theft

Neosec announced that it has emerged out of stealth mode and closed a $20.7 million Series A funding round led by True Ventures, New Era Capital Partners, TLV, and SixThirty, as well as security gurus Mark Anderson, Gary Fish, Mickey Boodaei, Rakesh Loonkar, and Shailesh Rao.

The firm is taking a different approach than today’s traditional application security products, which often rely on signature-based approaches to secure a perimeter. Instead, Neosec uses known XDR (Extended Detection and Response) security approaches, such as precise behavioural analytics, to uncover vulnerabilities and business abuse hidden within APIs.

“Today’s new applications are all API-driven, which creates a new attack surface that puts business fundamentals at risk. Traditional application security techniques are scarcely relevant in a cloud and API-first world,” said Brian Sack, principal at TLV Partners.

APIs are the foundations of digital business, and they enable to accelerate innovation and software development by allowing organisations, partners, and services to communicate seamlessly. While several security solutions promise to secure APIs today, the majority rely on traditional signatures, allowing API calls to proceed without any practical checks of their usage. These systems have no way of detecting bad conduct in APIs, so they let authenticated clients engage with them as they see fit, presuming they’re safe and allowed. 

“Today, APIs contain both money and data as well as govern key interactions within a business and to customers, partners and suppliers. Every API is a window into an organization’s business systems and potentially exposes key business logic and processes. Ignoring this blind spot is no longer an option, so the need for a new approach to API security is critical,” said Puneet Agarwal, partner at True Ventures.

Neosec learns every API user’s and client’s baseline behaviour automatically, correlating and profiling different entities such as users, customers, business processes, and partners. It allows users to see, investigate, and hunt for threats utilizing precise timelines of each user entity’s activities.

“One of the greatest challenges facing cybersecurity is the severe lack of logical visibility and behavioral assessment of APIs. Existing technologies were not created to address the incredible exposure organizations now have through their APIs. We created an entirely new approach based on data analytics to provide a complete understanding of all API interactions. It is fully automated, SaaS delivered and able to protect increasing exposure through digital business,” said Engel.

Confluera Introduces Cloud eXtended Detection and Response solution

Confluera, the leading provider of next-generation cloud detection and response, has launched Cloud eXtended Detection and Response (CxDR) solution to secure cloud-native systems from new threats. Confluera CxDR is a SaaS-based next-generation detection and response solution that is specifically designed to address the new advanced threats that exist in the cloud.‍

Threat detection, threat analytics and cloud security all are part of the company’s CxDR solution, which brings together the finest security features from the otherwise silo-ed category of solutions. Confluera’s verified signal analytics from numerous sources, such as APIs, third-party intelligence and Confluera’s patented real-time threat storyboarding capability, are all part of the tiered solution. Confluera CxDR decreases the time to detect and mitigate advanced cyberattacks from months to hours, decreasing the requirement for highly experienced cyber security professional.

“Navigating the modern threat landscape requires a modern approach to cloud security. With rapid detection and response built on cloud-native architecture, Confluera gives us confidence that we can mitigate cyberattacks before they can do any harm,” said Jack Roehrig, Chief Information Security Officer at Turnitin.

“Despite the recent innovations in the detection and response industry, organizations continue to play catch up to protect themselves against modern cloud cyberthreats. With Confluera CxDR, we are evolving cloud security beyond other solutions today, providing organizations the intelligence, accuracy and context – all in real-time – to stop threats,” said John Morgan, CEO of Confluera.

“The cybersecurity market has evolved in a very siloed manner and threat detection functions have often been pushed out to the edge of the network mimicking legacy perimeter security models. Recent detection and response categories offer enhanced capabilities but continue to evolve isolated from other solutions. This is where CxDR comes into play. By providing extended detection and response in the cloud, enterprises seeking cyber-attack mitigation will now have the ability to quickly and accurately detect modern cloud cyberattacks. Confluera is leading the charge in this market, allowing their customers to have sufficient time, and forewarning to keep attacks at bay within the cloud,” said Chris Steffen, Research Director, EMA.

Salt Security introduced Salt Labs to increase API Security awareness around the world

Salt Security, the industry’s leading API security firm, announced the launch of Salt Labs, a new public forum for sharing API vulnerability research. Salt Labs will be a resource for organizations wishing to protect infrastructure against API risk through vulnerability and threat research, as well as industry reports. It will also raise public awareness about API security threats, supporting Salt Security’s aim of providing comprehensive API security and accelerating corporate innovation by making APIs attack-proof.

Concerns about API security have become a huge obstacle to company innovation. According to the Salt Security State of API Security Report, 66 percent of companies have put off deploying a new app due to API security concerns. To address these concerns, Salt Labs will publish research and studies that businesses can utilize to strengthen their API security posture and prevent dangers to API-centric enterprises. Salt Labs will focus on offering high-impact threat research, identifying the latest API attack vectors, and giving remediation best practices to make API security programs more agile and actionable, using a strong technical understanding of API risks, security flaws, and misconfigurations.

“APIs represent an important and often overlooked threat vector that presents a range of challenges often not included in research efforts. We look forward to the dividends of the public research efforts of Salt Labs, which will increase our awareness of emerging API risks and help us harden our application environments to better protect both our employees and customers,” said Steve Ward, CISO, The Home Depot.

To date, the private sharing of API threat research findings has emphasized the need for further education about critical API security challenges and vulnerabilities, which are frequently assumed to be mitigated by traditional solutions like Web Application Firewalls (WAFs) and API gateways. Salt Labs’ goal is to improve users’ ability to spot security flaws in their own APIs, allowing them to take strong, proactive steps to harden their APIs and back-end systems. As a result, more businesses will be able to protect and maintain the integrity of sensitive consumer and business-critical data.

“With the growth of APIs and the central role they play in today’s application environments, the need for unbiased, relevant, and reliable research has prompted us to share the groundbreaking API security research that our team has been conducting for years. Salt Labs is dedicated to extending the safety of enterprises as they innovate in our increasingly digital and connected world. By now making this research public, we will increase education around API security and related attack vectors so that organizations of all types can strengthen their API security measures,” said Roey Eliyahu, co-founder and CEO, Salt Security.