Why Now?

Driven by digital transformation and the API economy, businesses are increasing their reliance on APIs to transmit data across services and applications. Application Programming Interfaces (APIs) enable organizations to share data with authorized customers, partners, developers and even other business units, who leverage that valuable data in their own applications. As a component of modern business innovation and software development, APIs enable applications to exchange data and, in effect, “talk to” one another. But the risk of exposing valuable data via APIs is real: Gartner estimates that by 2022, API abuses will be the most-frequent attack vector for enterprise web application data breaches. Clearly, API security must be part of any API development plan.

Companies seeking to secure their applications from security risks and attacks such as business logic attacks, API data leakage, Layer 7 DDoS, and API misuse must place a greater emphasis on their API authorization, governance and security. In addition, the scrutiny brought by data privacy laws such as the GDPR in Europe and the CCPA in the United States places an even greater burden on companies to securely inspect, authenticate and authorize the data being transmitted by APIs. Recognizing these emerging threats, Gartner has created a new category that brings web application security and API security together, calling it WAAP (Web Application and API Protection).

OWASP Top 10 API vulnerabilities

Recently, the Open Web Application Security Project (OWASP) created the initial list of the most critical API threats. It spans more traditional attacks like SQL injection, but also prioritizes authentication and authorization weaknesses such as Broken Object Level Authorization and Broken Authentication.

As with most things in the security world, there is no silver bullet that provides 100% security against the threats identified here. However, the integration between Signal Sciences and Cloudentity provides a best-in-class solution combining real-time Layer 7 protection with data-context-aware authentication, authorization and governance at the API endpoint for cloud-native and hybrid cloud applications.

As the leading next-gen WAF and RASP solution on the market, Signal Sciences leverages its patented architecture and highly accurate detection methodology to defend against a wide array of API attacks. 

Cloudentity’s API MicroPerimeter™ solution provides visibility, protection, and enforcement at the API level, focused exclusively on the transactional data and providing object-level authorization. This affords a level of control and security not currently available in the market or provided by traditional API security solutions like an API gateway.

How Do Signal Sciences and Cloudentity Protect You from the OWASP API Top 10?

Vulnerability / Mitigation
API1 2019 — Broken object level authorization
  • Implement identity- and privacy-aware object-level authorization checks using Cloudentity’s Authorization Control Plane (ACP).
  • Utilize the secure token service built into Cloudentity’s API Microperimeter™
API2 2019 — Broken authentication
  • Authenticate APIs using a certified OAuth 2.0 provider through Cloudentity’s ACP
  • Authenticate applications using the SPIFFE standard through Cloudentity’s ACP
API3 2019 — Excessive data exposure
  • Audit and review data responses and integrations with data classification vendors
  • Built-in service classification for PII, PCI and sensitive data processing using Cloudentity’s ACP
API4 2019 — Lack of resources and rate limiting
  • Signal Sciences monitors for resource abuse and utilizes rate limiting as an enforcement action. 
  • Cloudentity’s API MicroPerimeter allows rate limiting for token and access requests
API5 2019 — Broken function level authorization
  • The ACP provides externalized function-level authorization enforced at the API perimeter
  • All Entities (user, service, thing, data) in a transaction are authenticated and authorized
  • ML-based insights for policy usage based on live traffic and data sensitivity
API6 2019 — Mass assignment
  • Cloudentity provides JSON schema enforcement and API schema validation at the MicroPerimeter. 
API7 2019 — Security misconfiguration
  • Signal Sciences monitors and blocks attacks against unpatched or outdated third-party frameworks or libraries.
  • Cloudentity discovers and protects APIs through authorization-as-code and governance.
API8 2019 — Injection
  • Signal Sciences protects against injection-style attacks including SQL injection, XSS, command execution, and others.
API9 2019 — Improper assets management
  • Signal Sciences and Cloudentity together provide complete visibility and protection across all web, mobile, and API properties.
API10 2019 — Insufficient logging and monitoring
  • Both Signal Sciences and Cloudentity provide robust logging and monitoring of security-related API events along with seamless integration with leading SIEMs and DevOps tools.
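To make the API1 (object-level authorization) and API6 (mass assignment, schema enforcement) rows above concrete, here is an added example of what those two checks look like inside an API handler. It is illustrative code written for this page, not Signal Sciences or Cloudentity code; the in-memory record store, the `UPDATABLE_FIELDS` allowlist and the `ApiError` type are all constructed for the example.

```python
# Added example (not Signal Sciences or Cloudentity code): an API update handler
# that enforces object-level authorization (OWASP API1) and rejects mass
# assignment (OWASP API6) with an explicit field allowlist before touching data.
from typing import Any

# Constructed in-memory "database" of records keyed by id.
RECORDS: dict[int, dict[str, Any]] = {
    1: {"id": 1, "owner": "alice", "title": "Q1 plan", "is_admin": False},
    2: {"id": 2, "owner": "bob", "title": "Budget", "is_admin": False},
}

# Allowlist of fields a caller may set, with their expected types. Fields such
# as "owner" or "is_admin" are deliberately absent: a client can never set them.
UPDATABLE_FIELDS: dict[str, type] = {"title": str}


class ApiError(Exception):
    """Carries the HTTP status the handler would return."""
    def __init__(self, status: int, message: str) -> None:
        super().__init__(message)
        self.status = status


def validate_update_body(body: dict[str, Any]) -> dict[str, Any]:
    """Schema check: only allowlisted fields with the expected types pass.
    Unknown fields are rejected, not silently dropped, so tampering attempts
    surface as 400s in the logs rather than disappearing."""
    unknown = set(body) - set(UPDATABLE_FIELDS)
    if unknown:
        raise ApiError(400, f"unexpected fields: {sorted(unknown)}")
    for name, expected in UPDATABLE_FIELDS.items():
        if name in body and not isinstance(body[name], expected):
            raise ApiError(400, f"field {name!r} must be {expected.__name__}")
    return body


def update_record(subject: str, record_id: int, body: dict[str, Any]) -> dict[str, Any]:
    """Object-level authorization: the authenticated subject must own the
    record named in the URL, regardless of what the body says."""
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != subject:
        # Same response for missing and foreign records avoids an ID oracle.
        raise ApiError(404, "record not found")
    clean = validate_update_body(body)
    record.update(clean)
    return record
```

The same two checks are what the ACP and MicroPerimeter rows describe at the perimeter; doing them in the service as well keeps a bypass of one layer from becoming a breach.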

Solution Overview

[Diagram of the joint Signal Sciences and Cloudentity solution]

Sign Up for a Demo

Interested in learning more? Sign up for a demo today.