API Posture Management – Common Topics We’re Asked About

July 29, 2024 | 4 MIN READ

by Jeff Harrell

This article is the second in a series of five covering key API security topics and provides some answers to common questions we often get when talking to potential customers. The series will cover the following topics:

API security needs are specific to individual organizations and their particular market or industry, and the Cequence Unified API Protection platform was developed with that in mind – it’s highly flexible, customizable, and built to grow with your business.

This article focuses on API posture management, which encompasses API discovery, monitoring, testing, and compliance. Proper API posture management includes assessing the organization’s APIs for a broad range of risks that can lead to compliance or governance issues, data loss, and business disruption. API posture management is the primary purpose of API Sentinel, a foundational component of the Cequence Unified API Protection platform. API Sentinel performs many key API posture management functions, including:

  • API discovery & inventory
  • Generation of API definitions/specs
  • API risk identification & classification
  • Sensitive data exposure detection and prevention
  • Support for common risk frameworks such as OWASP
  • API security testing

The following are some common requirements that we’ve heard voiced by potential customers:

Discover And Visualize API Dependencies

Cequence includes a graphical tool that provides actionable visualization of end-to-end API flows with an attractive, easy-to-understand interface. This capability enhances security team visibility by identifying good and bad flows and their associated volumes, enabling personnel to quickly understand and take immediate action on any malicious activity. Unlike competitive solutions, Cequence offers single-click, native mitigation for malicious traffic, including logging, rate limiting, and blocking.

Sensitive Data Classification into Sets (Including Customized)

Cequence protects Fortune and Global 500 organizations across multiple industries, including retail, telecommunications, and financial services; customers include 2 of the top 3 telecoms, the largest credit card and mutual fund companies, some of the largest fashion and beauty retailers, and one of the world’s largest mining companies. Cequence classifies sensitive data as needed and can be customized to meet the organization’s needs, covering not only standard data such as U.S. Social Security Numbers (SSN) but also vertical-specific sensitive information, e.g., credit card numbers, IMEI, and CPNI.

Discovery Of Sensitive Data Flows

Cequence offers a Sensitive Data Exposure dashboard to quickly identify and remediate APIs and endpoints using sensitive data based on predefined (e.g., credit card numbers, social security numbers, Stacktrace codes, etc.) and customizable data patterns. Context-aware sensitive data detection using a Natural Language Processing (NLP) machine learning technique complements predefined patterns and reduces false positives by identifying sensitive data exposure using contextual clues, e.g., presence of keywords close to the actual detected value.

The results are graphically displayed in the dashboard with details such as the API source or response codes leaking the data, the pattern found, and the underlying IP address details. Notifications can be sent to development teams for rapid remediation using predefined alerts for tools such as Slack, PagerDuty, or email. Read more about Sensitive Data Exposure.
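The detection approach described above (predefined data patterns complemented by contextual clues such as nearby keywords) can be illustrated with a small scanner. The following is an added example, not Cequence's code or pattern library; the patterns, keyword lists, confidence scoring, and sample response bodies are all assumptions constructed for the illustration. It shows why context matters: the same nine-digit value is reported when it sits next to an "ssn" field and suppressed when it appears as a trace identifier.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample API response bodies (synthetic values, not real data).
SAMPLE_RESPONSES = [
    '{"user": "alice", "card_number": "4111 1111 1111 1111", "exp": "12/27"}',
    '{"order_id": "4111111111111111", "status": "shipped"}',
    '{"ssn": "123-45-6789", "name": "bob"}',
    '{"trace_id": "123-45-6789", "message": "ok"}',
    '{"message": "ok"}',
]

# Assumed pattern library: regex per data class (not Cequence's definitions).
PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),  # 13-16 digits, optional separators
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

# Assumed contextual keywords: seeing one shortly before a match raises confidence.
CONTEXT_KEYWORDS: Dict[str, tuple] = {
    "credit_card": ("card", "pan", "visa", "mastercard", "amex"),
    "ssn": ("ssn", "social", "security"),
}

CONTEXT_WINDOW = 40  # characters of preceding text inspected for keywords


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects digit strings that merely look like a card number."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    parity = len(digits) % 2
    for i, d in enumerate(digits):
        if i % 2 == parity:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


# Structural validators, where the data class has one.
VALIDATORS: Dict[str, Callable[[str], bool]] = {"credit_card": luhn_ok}


@dataclass
class Finding:
    kind: str
    value: str
    confidence: str  # "high", "medium" or "low"


def classify(kind: str, match: "re.Match[str]", body: str) -> Optional[Finding]:
    """Combine pattern hit, structural validation and keyword context into a confidence."""
    value = match.group(0)
    validator = VALIDATORS.get(kind)
    if validator is not None and not validator(value):
        return None  # structurally impossible value: drop outright
    window = body[max(0, match.start() - CONTEXT_WINDOW):match.start()].lower()
    tokens = re.findall(r"[a-z]+", window)  # "card_number" -> ["card", "number"]
    has_context = any(kw in tokens for kw in CONTEXT_KEYWORDS[kind])
    score = int(has_context) + int(validator is not None)
    return Finding(kind, value, ("low", "medium", "high")[score])


def scan(responses: List[str], min_confidence: str = "medium") -> List[Finding]:
    """Scan response bodies; findings below min_confidence are treated as likely false positives."""
    levels = ("low", "medium", "high")
    findings: List[Finding] = []
    for body in responses:
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(body):
                f = classify(kind, m, body)
                if f and levels.index(f.confidence) >= levels.index(min_confidence):
                    findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_RESPONSES):
        print(finding)
```

With the default threshold the scanner reports three findings: the card number next to `card_number` (high), the Luhn-valid digit string in `order_id` (medium, worth a look even without context), and the SSN next to an `ssn` field (medium). The identical digits under `trace_id` are pattern-only and are suppressed; lowering the threshold to `"low"` surfaces them, which is the trade-off a team tunes when deciding what to alert on.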

Flag Shadow, Zombie, And Orphaned Endpoints

Cequence automatically discovers and identifies shadow, zombie, and orphaned endpoints. These can include unused or dormant APIs that aren’t transacting data as well as active APIs that don’t have associated specifications. Read more about our API Discovery and Risk Classification.

API Posture Change Detection and Alerting

Cequence offers continuous monitoring of the organization’s API security posture, assessing a broad range of risks that can lead to compliance or governance issues, data loss, and business disruption. As API risk posture changes, these risk events are highlighted in the UI and exportable for additional actions.

Some of the other areas of API posture management where Cequence excels:

  • Discovery of sensitive data in the APIs
  • Automated risk scoring for API endpoints
  • Ability to customize risk factors in API endpoints
  • Automatically generate and download OpenAPI spec from runtime
  • OpenAPI spec conformance analysis: runtime vs. uploaded
  • Per API endpoint vulnerability identification
  • Identify exposed APIs by external scanning
  • Identify exposed credentials by external scanning
  • Identify exposed vulnerabilities by external scanning
  • Identify business logic abuse
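Two of the capabilities above (flagging endpoints with traffic but no specification, and dormant endpoints that are specified but never called, together with runtime-vs-uploaded spec conformance and drafting a spec from runtime) come down to reconciling observed traffic against an OpenAPI document. The following added example, which is not Cequence's implementation, does that reconciliation over a constructed spec fragment and a constructed traffic summary; the path-template matching, the `{id}` inference heuristic, and the category names `shadow` and `dormant` are assumptions made for the illustration, since the terminology for the specified-but-unused case varies between vendors.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed "uploaded" OpenAPI fragment (paths only; assumed, minimal).
UPLOADED_SPEC = {
    "paths": {
        "/api/v1/users/{id}": {"get": {}, "delete": {}},
        "/api/v1/orders": {"get": {}, "post": {}},
        "/api/v1/reports/export": {"get": {}},
    }
}

# Constructed runtime observations: (method, concrete path, requests seen in the window).
RUNTIME_LOG = [
    ("GET", "/api/v1/users/42", 1200),
    ("GET", "/api/v1/orders", 800),
    ("POST", "/api/v1/orders", 300),
    ("PUT", "/api/v1/orders", 12),          # method not in the uploaded spec
    ("GET", "/api/v1/debug/dump", 5),       # path not in the uploaded spec
]


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Turn an OpenAPI path template such as /users/{id} into an anchored regex."""
    literal_parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in literal_parts) + "$")


def spec_operations(spec: dict) -> List[Tuple[str, str, "re.Pattern[str]"]]:
    """Flatten the spec into (METHOD, template, matcher) triples."""
    return [
        (method.upper(), template, template_to_regex(template))
        for template, methods in spec["paths"].items()
        for method in methods
    ]


@dataclass
class PostureReport:
    shadow: List[Tuple[str, str]]      # seen at runtime, no matching spec operation
    dormant: List[Tuple[str, str]]     # in the spec, no runtime traffic in the window
    conformant: List[Tuple[str, str]]  # spec operations backed by observed traffic


def assess_posture(spec: dict, runtime_log, min_requests: int = 1) -> PostureReport:
    ops = spec_operations(spec)
    matched = set()
    shadow = []
    for method, path, count in runtime_log:
        if count < min_requests:
            continue
        hit = next(((m, t) for m, t, rx in ops if m == method and rx.match(path)), None)
        if hit is None:
            shadow.append((method, path))
        else:
            matched.add(hit)
    dormant = [(m, t) for m, t, _ in ops if (m, t) not in matched]
    return PostureReport(shadow=shadow, dormant=dormant, conformant=sorted(matched))


def infer_template(path: str) -> str:
    """Heuristic: collapse numeric or UUID-like segments into {id} placeholders."""
    return "/".join(
        "{id}" if re.fullmatch(r"\d+|[0-9a-f-]{32,36}", seg) else seg
        for seg in path.split("/")
    )


def draft_spec_from_runtime(runtime_log) -> dict:
    """Draft an OpenAPI skeleton from observed traffic, for review against the uploaded spec."""
    paths: Dict[str, Dict[str, dict]] = {}
    for method, path, count in runtime_log:
        if count > 0:
            paths.setdefault(infer_template(path), {})[method.lower()] = {}
    return {"openapi": "3.0.3", "info": {"title": "drafted from runtime", "version": "0.1"}, "paths": paths}


if __name__ == "__main__":
    report = assess_posture(UPLOADED_SPEC, RUNTIME_LOG)
    print("shadow:   ", report.shadow)
    print("dormant:  ", report.dormant)
    print("conformant:", report.conformant)
    print("drafted paths:", sorted(draft_spec_from_runtime(RUNTIME_LOG)["paths"]))
```

On the constructed input the report lists `PUT /api/v1/orders` and `GET /api/v1/debug/dump` as shadow operations (traffic with no spec backing, the case most worth a security review), and `DELETE /api/v1/users/{id}` and `GET /api/v1/reports/export` as dormant. The `min_requests` threshold is the knob that separates "dormant" from "low volume" and should be set per environment rather than left at one.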

There are certainly other facets of API posture management, but these are some of the topics we hear about most frequently. Check out the other articles in this series, or our eBook, “Ten Things Your API Security Solution Must Do.”

Author

Jeff Harrell

Director of product marketing

Jeff Harrell is the director of product marketing at Cequence and has over 20 years of experience in the cybersecurity field. He previously held roles at McAfee, PGP, Qualys, and nCircle, and co-founded the company that created the first commercial ad blocker.