If API security is cloudy, then CloudVector is here to provide clarity. The company has recently launched the industry’s first API Threat Protection platform to go beyond the gateway, which enables organizations to automatically and continuously discover APIs, monitor for deviant behavior, and secure data from exfiltration to prevent data breaches.
According to Deloitte’s 2018 global CIO survey, 93 percent say their organization is adopting or considering the cloud. But as APIs become mission-critical to digital transformation, most organizations have or will struggle with gaining visibility into their API ecosystem and enforcing effective security controls. The Capital One data breach is just one recent reminder of what can go wrong.
“Think of airport security as proof that single point gateways are ineffective,” begins Ravi Khatod, co-founder and CEO, CloudVector. “The challenge of API security is like airport security because Web Application Firewalls are also single point gateways. The fact is that existing solutions are not equipped to handle the realities of modern application architectures,” says Khatod.
According to Gartner API Security: What You Need to Do to Protect Your APIs, by Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, August 28, 2019, “Modern application architecture trends— including mobile access, microservice design patterns and hybrid on-premises/cloud usage — complicate API security since there is rarely a single “gateway” point at which protection can be enforced.”
CloudVector is purpose-built for modern application architectures and is deployed with zero impact to inline performance, with no changes required to applications or DevOps processes. Customers have been delighted when they realize CloudVector enables them to eliminate manual API specifications.
Only CloudVector is able to automatically and continuously discover APIs, monitor for deviant behavior, and secure data from exfiltration to prevent data breaches
According to Gartner API Security: What You Need to Do to Protect Your APIs, by Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, August 28, 2019, “Many API breaches have one thing in common: the breached organization didn’t know about their unsecured API until it was too late. This is why the first step in API security is to discover the APIs which your organization is delivering or which it consumes from third-parties.”
CloudVector provides full-featured API Threat Protection because it enables organizations to discover, monitor, and secure APIs. Fully automated microsensor modules enable the continuous discovery of all APIs connected to enterprise assets— even shadow APIs. Deep monitoring modules use Machine Learning to apply security policy templates and real-time response modules enforcing these policies to prevent API abuse.
“CloudVector is the only solution to entirely address the OWASP API Security Top 10,” remarks Lebin Cheng, co-founder and CTO, CloudVector. “The problem with existing controls is that they don’t know what is out there, but with CloudVector, our users are easily able to discover and monitor their data flows and API transactions.”
“CloudVector uses machine learning to detect anomalies in API transactions to prevent data breaches,” adds Cheng.
“CloudVector is like casino security,” continues Khatod. “For all its glitz and glamor, when you walk into a casino, you don’t even notice its security, yet casinos are known to have some of the best security in the world. The point is to move beyond the gateway.”
“As APIs become the de facto network for modern application architectures, CloudVector will become the de facto API Threat Protection provider,” concludes Cheng.