Data Theorem debuts automated API discovery and security analysis offering for enterprise serverless and microservices applications



Data Theorem introduced on Thursday its automated API discovery and security inspection solution aimed at addressing API security threats introduced by enterprise serverless and microservices applications, including Shadow APIs.

With this launch, users can seamlessly integrate automated API discovery and security inspection into their DevOps practices and continuous integration/continuous delivery (CI/CD) processes to protect any modern application.

This sector is seeing a rapid rise of new applications built with modern tools such as Amazon Lambda, Google Cloud Functions and Azure Functions, which allow developers to build applications at scale with less infrastructure complexity and lower costs.

However, these new apps often have API services, such as mobile SDK access for analysis and information retrieval, that enable unintended data loss due to outdated TLS encryption support and lack of proper authentication. These services also allow rogue APIs, called Shadow APIs, to be used without proper enterprise security vetting, and these go undetected by legacy security models.

Data Theorem is a provider of application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps. Data Theorem products help organizations build safer applications that maximize data security and brand protection.

Data Theorem has delivered two new products called API Discover and API Inspect that do not depend on agents, proxies or gateways common with legacy API security tools. Together, they address security concerns such as Shadow APIs, serverless applications and API Gateway cross-check validation by conducting continuous security assessments on API authentication, encryption, source code, and logging.

The API security solutions support Amazon’s Lambda and API Gateway tools to discover modern APIs and to enumerate the specification using standards such as Swagger and OpenAPI 3.0.

Data Theorem’s new solution will ensure the operational function of users’ APIs matches their respective definitions. As an example, if an API’s authentication and encryption levels do not operationally match the declared specification, users will be alerted to important and critical vulnerabilities caused by insufficient security protection.

The ephemeral nature of serverless applications often makes legacy API security tools irrelevant and unusable. The new API solutions from Data Theorem will also alert users to newly created APIs built upon serverless frameworks and deliver continuous, automated security analysis of these newly created APIs.

The rate of change for developers with modern applications has accelerated due to automation, agile development processes, and DevOps efficiency. However, these practices have introduced a new wave of threats unaddressed by today’s security automation tools.

Data Theorem has to date been a complementary solution for traditional application security vendors. Now legacy API gateway tools and container-centric security offerings can also benefit from Data Theorem’s new release.

“Data Theorem has a long and successful history focused on Mobile Application Security and adding support for mobile-centric APIs for the past few years,” said Himanshu Dwivedi, Data Theorem founder and CEO. “However, we saw the need for API security independent of mobile applications that was necessary for the growth in secure modern applications beyond mobile, such as serverless applications. Today’s launch uniquely addresses security concerns in today’s modern application era.”

“Data Theorem uniquely addresses threat models related to modern apps, helping us identify issues related to privacy and application-layer attacks and the potential loss of sensitive data,” said Rich Tener, director of security for Evernote. “With Data Theorem, we have continuous security testing in place for all of our apps in the app stores. Traditional API security checks are not enough in our environment. The new API discovery and inspection products Data Theorem has delivered are truly differentiated – I haven’t seen anyone else in the industry building automated API security services like this.”

“Data Theorem continuously scans and secures our mobile applications and respective backend services, which gives us tremendous peace of mind that our customers are communicating and collaborating in the most secure environment possible,” said Michael Machado, chief security officer for RingCentral. “We greatly anticipate the new Data Theorem security services for API discovery and inspection in our DevOps environment. These new API security services are ground-breaking in the changing developer landscape. We continuously strive to mitigate modern app threats, and Data Theorem has been an essential security automation platform for our mobile and API-centric applications.”

Data Theorem’s new API Discover and API Inspect security products are available. Annual pricing starts at $300 per API operation.

 


WWPI – Covering the best in IT since 1980