Enterprise API Strategy Amplify Engage

How to secure APIs: start by eliminating the unmanaged risks to your organization

How to secure APIs: start by eliminating the unmanaged risks to your organization

A lot goes into the question of how to secure APIs, from best practices to vulnerability checklists and solutions. Today, we’re proud to announce that we’ve added a valuable tool to your API security arsenal: we’re making Traceable’s contextual API security capabilities an integral part of our Amplify Platform, making Axway’s Amplify solution the one-stop solution for Business, IT, and Security.

With the combination of Amplify and Traceable, companies can establish comprehensive security and compliance programs that cover the entire lifecycle.

Read on to learn about how Traceable enables intelligent API security at an enterprise scale, how the integration works, and why this additional capability makes Amplify Engage (formerly Amplify Enterprise Marketplace) the most comprehensive solution ever to govern your APIs, irrespective where they are hosted/run and what style of APIs you are using.

Most enterprises are at risk due to unmanaged APIs

We’ve already covered the risk of shadow or zombie APIs extensively: these unmanaged, unsecured APIs represent that largest attack vector in most organizations. They’re the ones organizations do not even know about.

There is growing awareness of this problem in every organization we talk to – irrespective of their overall API maturity. Our 2024 State of Enterprise API Maturity report found that a vast majority of enterprise decision-makers don’t even know how many APIs they have.

 

Blue pie chart: 78% of enterprise decision-makers don't know how many APIs their organization has in its IT ecosystem. Source: Axway State of Enterprise API Maturity Survey, 2024

 

What’s more, 74% report that more than 20% of their organization’s APIs are unmanaged.

Dive deeper into the enterprise API maturity report here.

These unmanaged APIs go by different names (zombie APIs, shadow APIs, legacy assets…) but regardless of what you call them, they represent a significant threat, and teams are tasked with remediating these before hackers find them.

See also: Remediate Your Lost APIs [Zombie APIs, Shadow APIs, Legacy APIs]

This is where the new Traceable integration comes in. Using Amplify’s Traceable agent, companies can leverage the traffic data that Traceable captures, correlates, and analyzes for all API-related activity over time, across your entire API ecosystem. Their unique data advantage provides contextual API security.

While other API management vendors may offer integration with these capabilities, Axway has entered a partnership with Traceable. This means these enhanced security features are an integral part of Amplify Platform offering.

Reducing risk: how the Traceable agent helps to secure APIs

Traceable enriches the Amplify platform with traffic discovery, posture management, and testing & detection. Key capabilities include:

  • Continuous API Discovery (Unmanaged, internal, external, 3rd party, gen AI, and partner APIs)
  • Automatic API risk scoring (find and score shadow APIs)
  • Auto create and publish runtime API specs
  • Conformance analysis (API Linting)
  • Sensitive data flow discovery, tracing and exposure detection

Traceable can be inserted in various places to detect and analyze even encrypted traffic occurring at the various API endpoints.

The integration with Amplify allows Axway customers to more rapidly get a grip on their unmanaged APIs by matching the occurring traffic against known API endpoints in the various managed environments – connected in Amplify.

 

Traceable API security schema in Amplify platform

 

Get started with configuring the Traceable agent for Amplify here.

Start hardening your API ecosystem with Amplify today

As organizations scale their API usage, managing and securing these endpoints becomes both more critical and complex.

Amplify and Traceable are two solutions that address these needs in a complimentary way—Amplify by facilitating seamless API management and governance, and Traceable by adding a powerful layer of API security and threat detection.

These added capabilities offer increased value for our customers, even those that are still early on in their API journey.

After all, 95% of respondents in our aforementioned API maturity survey agree that a centralized API catalog would help improve their API governance.

This addition of Traceable’s capabilities is a powerful step in that direction: it helps tighten up organizations’ security posture while speeding up their business growth. Now, you can:

  • Increase time to value by mapping your runtime traffic against your managed API infrastructure and identify outliers (unmanaged APIs)
  • Prioritize APIs for remediation (based on traffic and risk assessment)
  • Continuously monitor, identify, fix, and repeat.

 

 

With Amplify Engage, organizations can enjoy the most comprehensive solution for governing their APIs, irrespective of where they are hosted/run and no matter what style of APIs they are using.

What’s more, thanks to enhanced API insights, business and IT teams have a better view into API performance and security. This combined data makes it easier to optimize business strategies and IT operations for stronger enterprise-wide alignment.

Download our flyer to take command of your APIs with Amplify Engage and Traceable

Key Takeaways

  • Axway has integrated Traceable's API security capabilities into the Amplify Platform, creating an even more comprehensive solution for managing and securing enterprise APIs.
  • Most enterprises face significant security risks from unmanaged APIs, with 74% of organizations reporting that over 20% of their APIs are unmanaged.
  • The new integration provides continuous API discovery, automatic risk scoring, and sensitive data flow detection to help organizations identify and remediate security vulnerabilities across their API ecosystem.