Data Theorem, Inc., a leading
provider of modern application security,
introduced today the industry's first automated API discovery and security
inspection solution aimed at addressing API security threats introduced by
today's enterprise serverless and microservices applications, including Shadow
APIs. With today's launch, users can seamlessly integrate automated API
discovery and security inspection into their DevOps practices and continuous
integration/continuous delivery (CI/CD) processes to protect any modern
application.
The industry is seeing a
rapid rise of new applications built with modern tools such as Amazon Lambda,
Google Cloud Functions and Azure Functions, which allow developers to build
applications at scale with less infrastructure complexity and lower costs.
However, these new apps often have API services, such as mobile SDK access for
analysis and information retrieval, that enable unintended data loss due to
outdated TLS encryption support and lack of proper authentication. These
services also allow rogue APIs, called Shadow APIs, to be used without proper
enterprise security vetting and to go undetected by today's legacy
security models.
"Data Theorem uniquely
addresses threat models related to modern apps, helping us identify issues
related to privacy and application-layer attacks and the potential loss of
sensitive data," said Rich Tener, Director of Security for Evernote. "With
Data Theorem, we have continuous security testing in place for all of our
apps in the app stores. Traditional API security checks are not enough in our
environment. The new API discovery and inspection products Data Theorem
has delivered are truly differentiated - I haven't seen anyone else in the
industry building automated API security services like this."
With today's launch, Data
Theorem has delivered two new products called API Discover and API Inspect that
do not depend on agents, proxies, or gateways that are common with legacy API
security tools. Together they address security concerns such as Shadow APIs,
Serverless Applications, and API Gateway cross-check validation by conducting
continuous security assessments on API authentication, encryption, source code,
and logging. The new API security solutions support Amazon's Lambda and API
Gateway tools to discover modern APIs and to enumerate the specification using
standards such as Swagger and OpenAPI 3.0.
"Data Theorem continuously
scans and secures our mobile applications and respective backend services,
which gives us tremendous peace of mind that our customers are communicating
and collaborating in the most secure environment possible," said Michael
Machado, Chief Security Officer for RingCentral. "We greatly anticipate
the new Data Theorem security services for API discovery and inspection in our
DevOps environment. These new API security services are ground-breaking in the
changing developer landscape. We continuously strive to mitigate modern app
threats, and Data Theorem has been an essential security automation platform
for our mobile and API-centric applications."
Data Theorem's new solution
will ensure the operational function of users' APIs matches their respective
definitions. As an example, if an API's authentication and encryption levels do
not operationally match the declared specification, users will be alerted to
important and critical vulnerabilities caused by insufficient security
protection. The ephemeral nature of serverless applications often makes legacy
API security tools irrelevant and unusable. The new API solutions from Data
Theorem will also alert users to newly created APIs built upon serverless
frameworks and deliver continuous, automated security analysis of these newly
created APIs.
According to Mark O'Neill,
Gartner Senior Director, Analyst, et al., "Protecting web APIs with traditional
application security solutions alone is ineffective...New APIs are being added
and consumed by organizations on an ongoing basis, meaning that API security is
not a one-time exercise...Application and application security leaders
responsible for application strategies and governance should adopt a continuous
approach to API security with ongoing discovery, monitoring and securing of
APIs."
The rate of change for
developers with today's modern applications has accelerated due to automation,
agile development processes, and DevOps efficiency. However, these practices
have introduced a new wave of threats unaddressed by today's security
automation tools. Data Theorem has to date been a complementary solution for
traditional application security vendors. Now legacy API gateway tools and
container-centric security offerings can also benefit from Data Theorem's new
release.
"Data Theorem has a long and
successful history focused on Mobile Application Security and adding support
for mobile-centric APIs for the past few years," said Himanshu Dwivedi, Data
Theorem founder and CEO. "However, we saw the need for API security independent
of mobile applications that was necessary for the growth in secure modern
applications beyond mobile, such as serverless applications. Today's launch
uniquely addresses security concerns in today's modern application era."
Availability and Pricing
Data Theorem's new API Discover and API Inspect
security products are available today from
https://www.datatheorem.com/demo.
Annual pricing starts at $300 per API operation. For more information, see
https://www.datatheorem.com/products.