This article is the first in a series of five covering key API security topics, and it answers questions we often get when talking to potential customers. This series will cover the following topics:
- API Discovery
- API Posture Management
- Attack Protection
- API Security Testing
- Attack Detection and Threat Hunting
API security needs are specific to individual customers and their particular market or industry, and Cequence has built a solution with that in mind – it’s highly flexible, customizable, and built to grow with your business.
This article focuses on API discovery, which is usually the first step in the API security process. Understanding what APIs are deployed, which ones are in use, where they are, and what information they’re transacting is key to ensuring their security. API discovery is a core competency of the Cequence Unified API Protection platform; it discovers internal, external, third-party, managed, unmanaged, zombie, and shadow APIs and maintains a continuously updated inventory.
The following are some common requirements that we’ve heard voiced by potential customers:
Discover & Monitor Internal API Endpoints (East-West APIs)
Cequence’s network-based discovery capability identifies internal API endpoints – North-South (connecting to external systems and third parties) and East-West (connecting internal traffic and processes), creating an API inventory that is continuously updated. In fact, Cequence discovers internal, external, and third-party APIs. For more information about Cequence’s discovery capability, please see Cequence’s API Discovery and Risk Classification.
See Into mTLS-Encrypted API Traffic without Decrypting
The extended Berkeley Packet Filter (eBPF) is a technology that enables, among other things, high-speed inspection of encrypted traffic without terminating the TLS connection. Cequence’s eBPF implementation allows for the analysis of mTLS-encrypted traffic without needing to perform any additional TLS terminations, enabling quick, low-latency, and secure integrations.
Support for SOAP APIs
Cequence supports a number of different API formats including REST, GraphQL, and SOAP. Cequence discovers Simple Object Access Protocol (SOAP) APIs and examines the XML payload of each SOAP API in the standardized SOAP format. Cequence also includes threat rules and policies for SOAP API calls. Cequence currently supports SOAP v1.1 and v1.2.
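As an added illustration of the SOAP payload inspection described above (this is not Cequence's implementation or code from this article), the following Python example classifies an observed HTTP body as SOAP 1.1 or 1.2 from its envelope namespace and records the operation name for an inventory. The function names, the record fields, the flag values and the sample bodies are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Envelope namespaces from the SOAP 1.1 and SOAP 1.2 specifications,
# each paired with the media type its HTTP binding uses.
SOAP_NS = {
    "http://schemas.xmlsoap.org/soap/envelope/": ("1.1", "text/xml"),
    "http://www.w3.org/2003/05/soap-envelope": ("1.2", "application/soap+xml"),
}

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def classify_soap(path, content_type, body):
    """Return an inventory record for a SOAP call, or None if the body is not SOAP."""
    # SOAP messages must not carry a DTD; flag the body for review and do not parse it.
    # Assumption: bodies are UTF-8/ASCII, so a byte-level check is sufficient.
    if b"<!DOCTYPE" in body:
        return {"path": path, "soap": None, "operation": None, "flag": "dtd-present"}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    ns, local = split_tag(root.tag)
    if local != "Envelope" or ns not in SOAP_NS:
        return None
    version, expected_media = SOAP_NS[ns]
    body_el = root.find("{%s}Body" % ns)
    first = next(iter(body_el), None) if body_el is not None else None
    operation = split_tag(first.tag)[1] if first is not None else None
    # The declared media type should match the envelope version.
    media = content_type.split(";")[0].strip().lower()
    flag = None if media == expected_media else "content-type-mismatch"
    return {"path": path, "soap": version, "operation": operation, "flag": flag}

# Constructed sample bodies (not captured traffic).
SOAP11 = (b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
          b'<s:Body><GetOrder xmlns="urn:example:orders"><id>7</id></GetOrder>'
          b'</s:Body></s:Envelope>')
SOAP12 = SOAP11.replace(b"http://schemas.xmlsoap.org/soap/envelope/",
                        b"http://www.w3.org/2003/05/soap-envelope")

if __name__ == "__main__":
    print(classify_soap("/orders", "text/xml; charset=utf-8", SOAP11))
    print(classify_soap("/orders", "text/xml", SOAP12))  # flagged as a mismatch
```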
Discovery and Tracking of Third-Party APIs and Sensitive Data Use
Third-party APIs are increasingly prevalent in modern applications, and it’s important to be able to discover, inventory, and track each one. By integrating with existing infrastructure such as firewalls and gateways, or through the use of eBPF, Cequence is able to identify third-party APIs at these common egress points.
Some of the other areas of API discovery where Cequence excels:
- Discover & monitor edge API Endpoints (North-South APIs)
- Auto grouping of discovered APIs into service/application collections
- Understand queries, parameters and attributes of the API
- Support for REST APIs
- Support for GraphQL APIs
- Identify API changes and versions
There are certainly other facets of API discovery, but these are some of the common topics. Check out the other articles in this series, or our eBook, “Ten Things Your API Security Solution Must Do.”