API Discovery – Common Topics We’re Asked About

This article is the first in a series of six covering key API security topics and provides some answers to common questions we often get when talking to potential customers. This series will cover the following topics:

  • API Discovery (this article)
  • API Posture Management
  • Attack Protection
  • API Security Testing
  • Attack Detection and Threat Hunting
  • Architecture & Deployment

API security needs are specific to individual customers and their particular market or industry, and Cequence has built a solution with that in mind – it’s highly flexible, customizable, and built to grow with your business.

This article focuses on API discovery, which is usually the first step in the API security process. Understanding what APIs are deployed, which ones are in use, where they are, and what information they’re transacting is key to ensuring their security. API discovery is a core competency of the Cequence Unified API Protection platform; it discovers internal, external, third-party, managed, unmanaged, zombie, and shadow APIs and maintains a continuously updated inventory.

The following are some common requirements that we’ve heard voiced by potential customers:

Discover & Monitor Internal API Endpoints (East-West APIs)

Cequence’s network-based discovery capability identifies internal API endpoints – North-South (connecting to external systems and third parties) and East-West (connecting internal traffic and processes), creating an API inventory that is continuously updated. In fact, Cequence discovers internal, external, and third-party APIs. For more information about Cequence’s discovery capability, please see Cequence’s API Discovery and Risk Classification.

See Into mTLS-Encrypted API Traffic without Decrypting

The extended Berkeley Packet Filter (eBPF) is a technology that enables, among other things, high-speed inspection of encrypted traffic without terminating the TLS connection. Cequence’s eBPF implementation allows for the analysis of mTLS-encrypted traffic without needing to perform any additional TLS terminations, enabling quick, low-latency, and secure integrations.

Support for SOAP APIs

Cequence supports a number of different API formats including REST, GraphQL, and SOAP. Cequence discovers Simple Object Access Protocol (SOAP) APIs and examines the XML payload of each SOAP API in the standardized SOAP format. Cequence also includes threat rules and policies for SOAP API calls. Cequence currently supports SOAP v1.1 and v1.2.

Discovery and Tracking of Third-Party APIs and Sensitive Data Use

Third-party APIs are increasingly prevalent in modern applications, and it’s important to be able to discover, inventory, and track each one. By integrating with existing infrastructure such as firewalls and gateways, or through the use of eBPF, Cequence is able to identify third-party APIs at these common egress points.

Some of the other areas of API discovery where Cequence excels:

  • Discover & monitor edge API endpoints (North-South APIs)
  • Auto grouping of discovered APIs into service/application collections
  • Understand queries, parameters and attributes of the API
  • Support for REST APIs
  • Support for GraphQL APIs
  • Identify API changes and versions

There are certainly other facets of API discovery, but these are some of the common topics. Check out the other articles in this series, or our eBook, “Ten Things Your API Security Solution Must Do.”

The post API Discovery – Common Topics We’re Asked About appeared first on Cequence Security.

*** This is a Security Bloggers Network syndicated blog from Cequence Security authored by Shreyans Mehta. Read the original post at: https://www.cequence.ai/blog/api-security/api-discovery-common-topics/
