The New API Security Solution for Enterprise Serverless and Microservices Applications by Data Theorem
Agile development processes have contributed to rapid software development across the industry. Combined with continuous development and automation, these accelerated practices also fuel new types of security vulnerabilities. The likelihood that Shadow APIs, meaning APIs that exist in the wild without proper enterprise security vetting, are present and unmanaged could be high. Legacy APIs and legacy API gateways are prone to being targeted for exploitation. Data Theorem says it discovered more than 100 million eavesdropping attempts on iOS and Android applications in 2015.
Data Theorem has just announced a new automated API solution aimed at solving these threats in serverless and microservices applications. This new strategy for protecting APIs consists of two new products: API Discover and API Inspect. API Discover is an automated discovery service that searches for unknown APIs, or “Shadow APIs”, within a customer’s public cloud infrastructure environment. Once discovered, such an API is highlighted and displayed on the dashboard as an alert. API Inspect, on the other hand, searches for potential vulnerabilities, such as those that may exist in the authentication and encryption layers of Internet-facing APIs with respect to SSL/TLS, the OpenAPI 3.0 specification and other policies. It can also be integrated with other tracking systems, such as Bugzilla or Jira Software. Finally, Data Theorem’s new API Security Solution can be used with Microsoft Azure Functions, Amazon Lambda, and Google Cloud Functions.
This new level of security threat should not be overlooked, especially when applications are built on a serverless architecture. Himanshu Dwivedi, Data Theorem founder and CEO, said: “However, we saw the need for API security independent of mobile applications that were necessary for the growth in secure modern applications beyond mobile, such as serverless applications. Today’s launch uniquely addresses security concerns in today’s modern application era.”