Benefits of Adopting Zero Trust for API Security

December 15, 2021 | 99 views

API_Security
In May 2021, The White House published an Executive Order (E.O.) on Improving the Nation’s Cybersecurity. The third section of the E.O, entitled “Modernizing Federal Government Cybersecurity,” included recommendations for Federal Civilian Executive Branch (FCEB) agencies around implementing zero trust. It noted how “the Federal Government must … advance toward Zero Trust Architecture.”

Towards that end, it specified that FCEB agency heads needed to “develop a plan to implement Zero Trust Architecture, which shall incorporate, as appropriate, the migration steps that the National Institute of Standards and Technology (NIST) within the Department of Commerce has outlined in standards and guidance” within 60 days of the E.O taking effect. It went on to note that agencies’ “migration to cloud technology shall adopt Zero Trust Architecture” as well.

In this blog, we discuss what exactly is Zero-Trust and why is it so critical today for protecting cybersecurity infrastructure against ransomware attacks and other cyber threats.

What is Zero Trust & Why is it so Relevant Now?
Just as a refresher, the National Institute of Standards and Technology (NIST) defines zero trust as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” This shift means that security teams can’t trust a connection attempt just because an asset is in a particular segment of the network.

Under a zero-trust model, infosec personnel embrace the assumption that every user, asset, and resource is compromised. They can then use that mindset to validate (and re-validate) those sources on a per-session basis, acknowledging that they could suffer a compromise in the meantime.

Zero Trust Architecture (ZTA), which incorporates zero trust principles in the process of planning an enterprise network, is particularly relevant right now given the rise of remote and hybrid work.

Under these work arrangements, employees use personal devices connected to their home networks, among other locations, to access business assets hosted in the cloud. Security teams have no traditional network perimeter to enforce. What’s more, infosec personnel can’t ensure the security of every personal device and Wi-Fi network that employees are using to do their work under these models. Hence the need for security professionals to “never trust, always verify” connection attempts.

The challenges associated with remote and hybrid work might be here to stay, as well. Gartner predicted that 51% of knowledge workers will be doing their jobs remotely by the end of the year, for instance. That’s up from 27% in 2019. The technology research and consulting company went on to say that remote employees will make up about a third of the global workforce in that same period, nearly doubling their representation of 17% just two years prior.

APIs: Understanding Their Relevance and Security Challenges
It’s safe to say that the ongoing remote/hybrid work transformation described above might not be the force it is today without Application Programming Interfaces (APIs). Then again, many organizations might not have survived the events of 2020 without APIs, either. “Because of the power of APIs, organizations were able to implement changes in weeks or months that would have otherwise taken years,” explained Business Wire.

APIs empowered organizations to quickly respond to the pandemic and make changes to the ways they did commerce and hosted business assets. The pandemic is one of several reasons that the use of APIs is on the rise – users made 855 million API requests between October 2020 and October 2021, an increase of 56% over the previous year.

That said, APIs are difficult to secure using traditional means. Indeed, 37% of respondents to a survey covered by Help Net Security in 2021 listed “securing APIs” as one of their top application security challenges. This difficulty reflects the extent to which APIs can suffer from Broken Object Level Authorization and other vulnerabilities identified by the Open Web Application Security Project (OWASP) API Top 10 list. Digital attackers can exploit those weaknesses to compromise applications and the data that they handle.

How Zero Trust Can Help with API Protection
Fortunately, security teams can also apply zero trust principles to protect their organizations’ APIs. To do so, they need to embrace a comprehensive API security strategy that consists of three elements. First, VentureBeat notes that infosec teams can leverage zero trust to scale API governance, thus ensuring that they can balance their employer’s compliance needs with the desire to bring in new API and endpoint features on an ongoing basis.

Second, security teams need to restrict network access and enforce the principle of least privilege on resources. But they need to do so in a way that doesn’t undermine the purpose of APIs. In the words of Salt Security, “connectivity must be present for APIs to function, and many API attacks still occur in trusted channels and authenticated sessions.” This reality highlights the need for automatic baselining of “normal” API traffic so that the reconnaissance activities of bad actors looking for the unique vulnerabilities of a given API stand out clearly and can be stopped.

Finally, infosec personnel can look to zero trust to broaden API security beyond just the coding process. They can seek to manage their APIs’ security in every stage of the software development lifecycle (SDLC) by denying everything by default and authenticating every resource. In upholding these two foundations of zero trust, infosec personnel can manage API security as one of their priorities and not a bolted-on consideration.

Spotlight

Tangible Security

Founded in 1998, Tangible develops and deploys cybersecurity solutions to protect our clients’ sensitive data, infrastructure, and competitive advantage. We have served our nation’s most security conscious government organizations with military grade requirements as well as corporate clients demanding more agile and affordable results.

OTHER ARTICLES
SOFTWARE SECURITY

Top 5 Tactics for Improving Cloud Security Hygiene for Businesses

Article | November 3, 2020

In the past couple of years, the world has gone through a rapid digital transformation, which has led to a deeper penetration of modern technologies such as cloud computing, artificial intelligence, data analytics, and others. As a result, smart businesses are shifting their digital resources to the cloud to benefit from features such as streamlined operations, centralized data storage, increased operational flexibility, and hassle-free data transition. As per a study conducted in 2022, nearly 94% of businesses around the world are using at least one cloud service. Every enterprise possesses large volumes of sensitive data, including financial statements, business designs, employees’ identity information, and others. As organizations worldwide migrate from on-premises working to a remote working model, more data is being stored in the cloud than ever before, making cloud security one of the most crucial aspects for businesses today. 5 Proven Tips to Strengthen Cloud Security Hygiene for Businesses With the advent of cloudification and the increasing use of cloud-based applications, the prevalence of cybercrime has increased significantly. For instance, in the wake of the COVID-19 outbreak, there has been a significant spike in cybercrime, with reports of a 600% increase in malicious emails. Furthermore, a report from the United Nations says that cybercrime will cost the world economy $10.5 trillion every year by 2025. Even though cloud networks, such as Google Cloud, Microsoft Azure, and Amazon Web Services, have their own data protection measures for securing the cloud services they provide, it does not mean that businesses utilizing these services should rely solely on their security measures and not consider adopting additional measures. So what are the tactics modern businesses should adopt to improve cloud security hygiene? Let’s see: Deploy Multi-Factor Authentication (MFA) When it comes to keeping hackers out of user accounts and protecting sensitive data and applications used to run a business online, the traditional username and password combination is often not enough. Leverage MFA to prevent hackers from accessing your cloud data and ensure only authorized personnel can log in to your cloud applications and critical data in your on- or off-premise environment. MFA is one of the most affordable yet highly effective controls to strengthen your business's cloud security. Manage Your User Access It is crucial for your business to ensure adequate permissions are in place to protect sensitive data stored on cloud platforms. Not all employees need access to certain applications and documents. To improve your cloud security and prevent unauthorized access, you need to establish access rights. This not only helps prevent unauthorized employees from accidentally editing sensitive company data but also protects your company from hackers who have stolen an employee's credentials. Monitor End User Activities Real-time analysis and monitoring of end-user activity can help you detect anomalies that depart from usual usage patterns, such as logging in from a previously unknown IP address or device. Identifying these out-of-the-ordinary events can stop hackers and allow you to rectify security before they cause mayhem. Create a Comprehensive Off-boarding Process After an employee leaves your firm, they should no longer have access to any company resources, including cloud storage, systems, data, customers, or intellectual property. Unfortunately, completing this vital security duty is sometimes put off until several days or weeks after an employee has left. Since every employee is likely to have access to a variety of cloud platforms and applications, a systemized deprovisioning procedure can assist you in ensuring that all access permissions for each departing employee are revoked and prevent information leaks. Provide Regular Anti-Phishing Training to Employees Hackers can acquire access to protected information by stealing employees' login credentials using social engineering techniques such as phishing, internet spoofing, and social media spying. As a result, cybersecurity has now become a collective responsibility, making comprehensive anti-phishing training necessary to educate your employees about these threats. As unscrupulous hackers frequently come up with new phishing scams by the day, regular anti-phishing training is essential for developing formidable cloud security. Bottom Line Cloud security hygiene no longer consists solely of strong passwords and security checks. Instead, it is a series of innovative procedures that organizations use nowadays to leverage cloud networks. With more businesses moving towards the cloud and cyberattacks on the rise, it is the responsibility of your organization to remain vigilant and protect itself from cyberattacks.

Read More
SOFTWARE SECURITY

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | June 6, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More
SOFTWARE SECURITY

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | March 17, 2022

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.

Read More

Spotlight

Tangible Security

Founded in 1998, Tangible develops and deploys cybersecurity solutions to protect our clients’ sensitive data, infrastructure, and competitive advantage. We have served our nation’s most security conscious government organizations with military grade requirements as well as corporate clients demanding more agile and affordable results.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Mendix and Software Improvement Group Introduced a New Cybersecurity Solution

Mendix | January 24, 2023

Mendix, a Siemens business and world leader in modern enterprise app development, and Software Improvement Group (SIG), a unique technology and advisory firm for software quality, security, and improvement, have announced the launch of Mendix Quality & Security Management (QSM), a new cybersecurity solution that provides continuous deep-dive insights into security and code quality to address risks and vulnerabilities immediately. Sigrid®, SIG's software assurance guidance platform, powers Mendix QSM. It delivers a complete perspective on the effect of security findings on business goals by combining more than 20 top-tier security scanning technologies. With Mendix QSM, the users can scan their Mendix apps, including third-party libraries, for security flaws and incorrectly configured security models, rank for compliance with major industry standards such as OWASP, ISO 5055, and PCI, and receive risk mitigation recommendations and clear guidance. Mendix QSM is based on application model static analysis. SIG experts have mapped Mendix models to the ISO 25010 maintainability model using Mendix model metadata. This enables its applications to be compared against a database of thousands of projects, including open-source initiatives. Mendix QSM also presents a five-star rating of the quality of the software. About Mendix Mendix is an industry-leading low-code application development platform for enterprises. With Mendix, you can transform a spreadsheet into an app, establish a portfolio of enterprise-wide apps, and upgrade a core system, among other things. In addition, the platform provides continuous collaboration between software developers and users, speeds up the application development lifecycle, and enables iterative deployment at scale. As a result, businesses can rapidly develop modern, adaptable applications with a tool that maintains the highest levels of security, quality, and governance. The platform has been used by over 4,000 of the world's leading enterprises. Mendix is a division of Siemens. About Software Improvement Group (SIG) Software Improvement Group (SIG) assists companies in gaining confidence in the technology they trust. Its mission is to get the software right for a healthier digital world by combining intelligent technology with human expertise. It drills into the build quality of enterprise software and architecture by monitoring, measuring, and benchmarking it against the world's largest software analysis database. As a result, organizations can use software assurance to uncover the variables driving the total cost of ownership of the software and make fact-based decisions to lower costs, reduce risk, improve time to market, and accelerate digital transformation.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Immuta Announces the Release of Immuta Detect for Continuous Security Monitoring

Immuta | January 20, 2023

On January 19, 2023, Immuta, a leading data security firm, announced the launch of its latest product, Immuta Detect. Immuta Detect notifies data and security teams about unsafe data access behavior with its continuous data security monitoring capabilities, therby enabling faster and more accurate risk response and improved data security posture management across advanced and modern cloud data platforms. The product is the new vital component of Immuta's comprehensive Data Security Platform that offers security and access control, data activity monitoring and sensitive data discovery. The platform uniquely integrates with the leading cloud data platforms along with existing SIEM and Managed Detection and Response (MDR) tools. As data sources and users in modern cloud settings increase, monitoring data usage and responding to threats becomes more challenging. This is critical for safeguarding against insider threats and adhering to rules and regulations. Existing strategies to solve these problems include manual and time-consuming audits of millions of log data records housed in disparate data sources. To stay up with business demands, data and security teams need improved ways for monitoring data access, address issues precisely, and quickly adjust to shifting risk appetites. With Immuta Detect, customers can swiftly surface and prioritize data usage risks, decrease time to risk mitigation, and maintain data security by utilizing the following new features: Advanced access behavior analytics - Immuta Detect consolidates data access logs, allowing data and security teams to continuously monitor and evaluate changes in user behavior and data access entitlements by source, user activity or query, as well as get insight into changes in data classification and security configuration. Sensitive data views and indicators – The company offers a detailed analysis of each user and data activity in depth, summarizing activity across multiple criteria such as time frame, data access event categorization, sensitive data indicators, and most active data sources. Risk severity detection and scoring - It automatically scores data based on its sensitivity and security, thereby enabling data and security teams to prioritize risks and receive real-time notifications about potential security incidents. About Immuta Founded in 2015 and headquartered in Boston, MA, Immuta is a leading cloud data access control provider. It offers data engineering and operations teams a unified platform for controlling access to analytical data sets in the cloud. Additionally, it helps businesses extract value from their cloud data by securing it and giving secure access. It automates access control for any type of data on any cloud service and across any computing infrastructure. The company is now trusted for data security by Fortune 500 organizations and government agencies all around the world.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION

Wallarm Announces the Early Release of Its Enhanced API Security Technology

Wallarm | January 23, 2023

Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak. Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data. With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach: Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute. Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio. Control - Wallarm also continuously monitors and prevents the use of leaked API secrets. The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation. About Wallarm Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Mendix and Software Improvement Group Introduced a New Cybersecurity Solution

Mendix | January 24, 2023

Mendix, a Siemens business and world leader in modern enterprise app development, and Software Improvement Group (SIG), a unique technology and advisory firm for software quality, security, and improvement, have announced the launch of Mendix Quality & Security Management (QSM), a new cybersecurity solution that provides continuous deep-dive insights into security and code quality to address risks and vulnerabilities immediately. Sigrid®, SIG's software assurance guidance platform, powers Mendix QSM. It delivers a complete perspective on the effect of security findings on business goals by combining more than 20 top-tier security scanning technologies. With Mendix QSM, the users can scan their Mendix apps, including third-party libraries, for security flaws and incorrectly configured security models, rank for compliance with major industry standards such as OWASP, ISO 5055, and PCI, and receive risk mitigation recommendations and clear guidance. Mendix QSM is based on application model static analysis. SIG experts have mapped Mendix models to the ISO 25010 maintainability model using Mendix model metadata. This enables its applications to be compared against a database of thousands of projects, including open-source initiatives. Mendix QSM also presents a five-star rating of the quality of the software. About Mendix Mendix is an industry-leading low-code application development platform for enterprises. With Mendix, you can transform a spreadsheet into an app, establish a portfolio of enterprise-wide apps, and upgrade a core system, among other things. In addition, the platform provides continuous collaboration between software developers and users, speeds up the application development lifecycle, and enables iterative deployment at scale. As a result, businesses can rapidly develop modern, adaptable applications with a tool that maintains the highest levels of security, quality, and governance. The platform has been used by over 4,000 of the world's leading enterprises. Mendix is a division of Siemens. About Software Improvement Group (SIG) Software Improvement Group (SIG) assists companies in gaining confidence in the technology they trust. Its mission is to get the software right for a healthier digital world by combining intelligent technology with human expertise. It drills into the build quality of enterprise software and architecture by monitoring, measuring, and benchmarking it against the world's largest software analysis database. As a result, organizations can use software assurance to uncover the variables driving the total cost of ownership of the software and make fact-based decisions to lower costs, reduce risk, improve time to market, and accelerate digital transformation.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Immuta Announces the Release of Immuta Detect for Continuous Security Monitoring

Immuta | January 20, 2023

On January 19, 2023, Immuta, a leading data security firm, announced the launch of its latest product, Immuta Detect. Immuta Detect notifies data and security teams about unsafe data access behavior with its continuous data security monitoring capabilities, therby enabling faster and more accurate risk response and improved data security posture management across advanced and modern cloud data platforms. The product is the new vital component of Immuta's comprehensive Data Security Platform that offers security and access control, data activity monitoring and sensitive data discovery. The platform uniquely integrates with the leading cloud data platforms along with existing SIEM and Managed Detection and Response (MDR) tools. As data sources and users in modern cloud settings increase, monitoring data usage and responding to threats becomes more challenging. This is critical for safeguarding against insider threats and adhering to rules and regulations. Existing strategies to solve these problems include manual and time-consuming audits of millions of log data records housed in disparate data sources. To stay up with business demands, data and security teams need improved ways for monitoring data access, address issues precisely, and quickly adjust to shifting risk appetites. With Immuta Detect, customers can swiftly surface and prioritize data usage risks, decrease time to risk mitigation, and maintain data security by utilizing the following new features: Advanced access behavior analytics - Immuta Detect consolidates data access logs, allowing data and security teams to continuously monitor and evaluate changes in user behavior and data access entitlements by source, user activity or query, as well as get insight into changes in data classification and security configuration. Sensitive data views and indicators – The company offers a detailed analysis of each user and data activity in depth, summarizing activity across multiple criteria such as time frame, data access event categorization, sensitive data indicators, and most active data sources. Risk severity detection and scoring - It automatically scores data based on its sensitivity and security, thereby enabling data and security teams to prioritize risks and receive real-time notifications about potential security incidents. About Immuta Founded in 2015 and headquartered in Boston, MA, Immuta is a leading cloud data access control provider. It offers data engineering and operations teams a unified platform for controlling access to analytical data sets in the cloud. Additionally, it helps businesses extract value from their cloud data by securing it and giving secure access. It automates access control for any type of data on any cloud service and across any computing infrastructure. The company is now trusted for data security by Fortune 500 organizations and government agencies all around the world.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION

Wallarm Announces the Early Release of Its Enhanced API Security Technology

Wallarm | January 23, 2023

Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak. Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data. With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach: Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute. Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio. Control - Wallarm also continuously monitors and prevents the use of leaked API secrets. The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation. About Wallarm Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.

Read More

Events