42Crunch announced the integration of
42Crunch's API security audit and vulnerability testing solution with
Microsoft Defender for Cloud to provide Microsoft customers continuous
API protection from design to runtime. Cloud applications are
increasingly API-centric, with APIs at the core of data exchange.
Inherently, APIs are easy to expose, but difficult to defend and
traditional application security solutions are not optimized to protect
APIs. Increasingly high-profile attacks on APIs have resulted in data
breaches, leading to loss of sensitive data as well as reputational
harm. 42Crunch and Microsoft have announced this partnership to enable
developers to find and fix API vulnerabilities while giving security
teams centralized governance across their APIs.
With Microsoft Defender for APIs, an offering as part of Microsoft Defender for Cloud - a cloud-native application protection platform,
organizations can improve their security posture and quickly detect
active real-time threats. Together with 42Crunch, development teams will
be able to "shift left" by testing their APIs for security
vulnerabilities earlier on in the development lifecycle. By combining
insights and security findings from both solutions within the Defender
for Cloud platform, security teams will have broad visibility and
governance of the risks associated with their APIs from design to
runtime. Additionally, operations teams will be able to leverage the
native workflow capabilities of Defender for Cloud to accelerate
remediation efforts.
Key challenges according to Gartner ® are "Protecting web APIs with
general purpose application security solutions alone continues to be
ineffective. Each new API represents an additional and potentially
unique attack vector into your systems." Gartner recommends enterprises
"adopt a continuous approach to API security across the API development
and delivery cycle, designing security into APIs. Include API security
testing and the creation and application of reusable API security
policies."
Jacques Declas, CEO of 42Crunch, welcomed the announcement saying, "This
partnership between Microsoft and 42Crunch validates our common vision
of providing customers globally with a true DevSecOps solution to
protect their digital assets from an ever growing array of attacks.
"It is well recognized that an effective API security strategy must
start early in the software development lifecycle. This partnership
between 42Crunch and Microsoft will enable customers to define,
implement, and enforce API security compliance and governance across
their API estate at scale," added Declas.
"Today's announcement strengthens Microsoft's CNAPP solution, Defender
for Cloud, by expanding its capabilities to provide comprehensive API
security coverage across the entire API development lifecycle. Our
partnership with 42Crunch enhances Defender for Cloud's existing runtime
API security capabilities by bringing added visibility into potential
vulnerabilities that may be introduced through your DevOps pipeline,"
said Vlad Korsunsky, Vice President of Cloud and Enterprise Security at
Microsoft. "Together with 42Crunch, we bridge the gap of API security
from development to runtime and empower security teams to exercise
governance over their API ecosystem throughout the development
lifecycle."