Today at KubeCon, 42Crunch announced their collaboration with Cisco to provide the
developer community with APIClarity, a new API discovery and security tool enabling enterprises to fortify their cloud protection.

APIs are increasingly a favorite target for hackers seeking to compromise
cloud environments with malware such as cryptojacking and ransomware.
42Crunch and Cisco are addressing these threats by advocating a
"shift-left" approach to API security and discovery that empowers
developers to code protection into the API build process.

Although cloud environments offer enterprises many security benefits, new
vulnerabilities continue to arise that offer attackers fresh avenues
into cloud-based environments. One such attack path is the API. Every
connected mobile, modern web, or cloud-hosted application uses and
exposes APIs. These APIs provide access to data and let callers invoke application
functionality. While they are relatively easy to expose, they are
difficult to document and defend. As a result, shadow and zombie APIs
are rife, type checking is lax, API specifications are incomplete, and
authentication and authorization issues often creep up. To address these
challenges, 42Crunch collaborated with Cisco to create APIClarity, a
new open-source tool to improve the configuration and protection of
APIs.

APIClarity

In a recent study into the Cloud Threat Landscape, IBM found that
two-thirds of cloud breaches can be attributed to misconfigured APIs.

Today, APIClarity utilizes a Service Mesh framework to discover APIs and can
be used in association with the 42Crunch API Audit capabilities to
improve the configuration of the API specification. Knowing the API
specification is the first step in identifying API risks. APIClarity
captures all existing API traffic and constructs the OpenAPI
specification by observing that traffic. It also allows users to upload
OpenAPI specifications and to review, modify and approve the generated
specs. It alerts the user to differences between the approved API
specification and the one observed at runtime, and detects shadow and
zombie APIs. A UI dashboard supports auditing and monitoring of the API
findings.

Welcoming the announcement, Vijoy Pandey, VP of Emerging Technologies and
Incubations at Cisco said, "Having a robust API security strategy is
critical for enterprises to succeed with their digital transformation
projects. Launching APIClarity represents a significant step in
providing an end-to-end API security solution for enterprise cloud
environments. We're excited about the potential for APIClarity to
empower developers to adopt a security as code approach to protecting
their APIs, and to continue working with organizations like 42Crunch who
share the same vision for enabling greater API security."

Isabelle Mauny, field CTO and co-founder of 42Crunch, said, "Security and API
teams stand at a crossroads today. They can either try to continue to
block API threats, after they have been identified and caused potential
damage, or they can adopt a preventative stance by coding security into
their APIs at design time, ensuring protection throughout the lifecycle
of the API."

"This initiative by 42Crunch and Cisco empowers developers with the tools to
build and automate security into their API development pipeline. It also
ensures security teams retain full control of security policy
enforcement at every stage of the API lifecycle, from design through to
run-time protection," continued Mauny.