Blind spots are much more than just things you don’t track.
Visibility is a big challenge for security professionals today, perhaps the biggest. But all too often, “lack of visibility” becomes interchangeable with “lack of monitoring technology.” Let’s say you have the best microscope ever invented. What good is it if you don’t look inside? And if you look inside, can you interpret and understand what you see?
APIs are widespread
Accordingly, the importance of API security continues to grow, as APIs facilitate value delivery in new ways and become an integral part of innovative business models and value creation for partners and customers. Four out of five enterprises already publish APIs to enable access to their data to either partners (B2B) or users (B2C).
In such a complex setting, monitoring doesn’t equal visibility. A microscope isn’t enough. You have to combine the different perspectives — the schema, the business logic, the API call flows, and actual user behaviors — so you can effectively transform data into the visibility and insights you need to drive positive change. It’s foremost about creating the framework to surface the insights, and only then about acting on those insights.
The API security backbone: From technology to collaboration
With more people working at home and as organizations increasingly embrace digital transformation, bad actors have more opportunities to prey on organizations, forcing a reassessment of risk levels of APIs.
Attackers target APIs’ unique business logic, calling for a new breed of functional API security solutions. API security has become a top priority for 91 percent of security leaders making API security a top focus over the next 24 months.
Fortunately, Imvision and Axway partnered to deliver a comprehensive solution to protect APIs from emerging functional attacks. The new solution helps enterprises proactively get ahead of the growing API challenges, enhancing their ability to deploy secure APIs through greater collaboration and visibility.
Going beyond with APIs
Going beyond automated discovery and runtime protection, it allows security leaders to collaborate across teams more effectively, redefining and enforcing security governance and controls for modern applications in the API-first era.
By creating an integrated API Security Backbone, spanning across access control, security testing, and runtime protection, enterprises are now set to protect all their APIs without falling behind development cycles or leaving exposed vulnerabilities to chance.
By providing new levels of visibility, you can improve your API security posture and better align teams:
- Automated API discovery: Imvision and Axway’s comprehensive solution conducts a data-driven discovery of APIs, endpoints, methods, consumers, and usage patterns (without documentation needed).
- Context-aware protection enables you to identify vulnerabilities. By learning the API behavior patterns using AI and machine learning, every APIs’ functionality is uncovered. This capability enables you to identify automatically anomalous user activities and breaks within the APIs’ functionality, generating a unique advantage in mitigating attacks on APIs.
- API Security testing enables you to take a proactive approach that integrates security controls early into the development cycle, simulating business logic attacks in staging.
- Continuous risk scoring enables you to prioritize remediation efforts across your entire API stack.
- Schema Analysis enables you to analyze your API definition against the Open API Specification for vulnerabilities.
Imvision and Axway enhanced integration (Or: beyond rules, hello intelligence)
Axway users can now easily leverage the full functionality of Imvision’s API Security Platform’s capabilities including increased visibility, automated API discovery, advanced detection, attack analytics, continuous risk scoring, and proactive security testing.
The joint solution leverages Axway and Imvision capabilities to provide a seamless and comprehensive security solution that enables enterprises to accelerate their digital transformation through secure APIs and scrutinized API calls.
On the one hand, Axway’s Amplify API Management Platform protects APIs against technical attacks by providing API authentication, access control, rate limiting, content validation, and message integrity checks.
On the other hand, Imvision’s platform safeguards APIs against functional attacks, including business logic, business process, user behavior, and reconnaissance.
Imvision and Axway’s comprehensive solution conducts a data-driven discovery of APIs, endpoints, consumers, and methods — without documentation needed — and automatically provides visibility and recommends protections based on the learned functionality to enable individual API protection.
Learn more about how Axway’s partner resources enable our partners to go further.
Don’t miss Imvision’s “Rethinking Application Security” executive series starting June 2nd. Axway’s Laura Heritage, Director of Product Portfolio Management — Developer Platform, is featured in Session 3, “Coming together for a robust security roadmap” on June 30th — REGISTER NOW.