WEB SECURITY TOOLS

Indusface Enhances its Web Application & API Protection (WAAP) platform AppTrana with Industry's First Risk-Based Protection to APIs

Indusface | May 19, 2022

Indusface
Indusface, a leading application security SaaS company that continually detects security risks, provides real-time protection, and improves the performance of Websites and Applications, today announced that it is adding Risk-Based API Protection to its WAAP platform, AppTrana.

APIs are the lifeline of the digital economy with many companies adopting the API-first approach. However, the growth of APIs is also opening up new risk vectors that they are not aware of. According to Gartner, more than 90% of applications have more attack surface exposed through API than UI and by 2022, API Abuse will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.

Indusface is revolutionizing the API security space by building on its API Protection capabilities. The company is doing so through the most comprehensive API protection to date by extending its risk-based approach to the same.

"AppTrana's risk-based approach is unique and something that resonates with our customers. What customers are really interested in is knowing how well their application is protected based on the risk posture of their application. Building on this, we are now enhancing our API Protection capabilities by providing a risk-based approach to API security which we believe would revolutionize the market. With this, customers will be able to identify vulnerabilities found in their public APIs and quickly correlate how these are protected through API-specific policies and positive security policies applied in AppTrana providing the most comprehensive protection for APIs."

Ashish Tandon, Founder and CEO, Indusface

As with any security, you can protect only what you know and protection is as strong as the weakest link. The major challenges with APIs are discoverability and the ability to understand the context of APIs so that security can be tailored accordingly. It is to address these challenges that Indusface is enhancing its API protection in AppTrana. Collectively through a multi-step approach, customers get to discover APIs, understand risk posture and ensure comprehensive protection of APIs.

With Indusface AppTrana's Risk-based API Protection, you get:

  • To understand the risk posture of the APIs through unlimited automated API scans including manual tests for identifying business logic vulnerabilities. This enables organization to understand the weakest links of the APIs and get clear visibility around how these links are protected.
  • Visibility into API traffic patterns and discovery of shadow APIs, so that you are no longer blindsided by what you don't know
  • To protect APIs with API-specific rules written specifically to protect against OWASP Top 10 API vulnerabilities
  • Behavioral-based protection against DDoS attacks on APIs by analyzing API traffic pattern
  • Behavioral-based protection against BOT attacks
  • Positive security for APIs through analysis of swagger (OpenAPI 2.0) files and creation of automated positive security policies 
  • Accurate, real-time view of vulnerabilities blocked by API specific rules, positive security policies, custom rules, and those that need fixes in the application

About Indusface
Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 3000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.

Indusface has been funded by Tata Capital Growth Fund II, is the only vendor to be named Gartner Peer Insights™ Customers' Choice' in all the 7 segments for Voice of Customer WAAP (Web Application and API Protection) Report 2022, is a "Great Place to Work" certified SaaS product company, is PCI, ISO27001, SOC 2, GDPR certified, and has been the recipient of many prestigious start-up awards such as the Economic Times Top 25, NASSCOM DSCI Top Security Company, Deloitte Asia Top 100, among others.

Spotlight

How do computer hackers figure out our passwords? Learn about the techniques they use to crack the codes, and what systems protect us. “In October, malware embedded in residential internet routers and DVRs helped orchestrate a large-scale distributed denial of service (DDOS) attack on the East Coast that shut down Amazon, Netflix, Twitter and other major websites. T

Spotlight

How do computer hackers figure out our passwords? Learn about the techniques they use to crack the codes, and what systems protect us. “In October, malware embedded in residential internet routers and DVRs helped orchestrate a large-scale distributed denial of service (DDOS) attack on the East Coast that shut down Amazon, Netflix, Twitter and other major websites. T

Related News

PLATFORM SECURITY

Axonius Adds Key Integrations with AWS

Axonius | July 25, 2022

Axonius, a cybersecurity asset management provider, today announced integrations with Amazon Macie, Amazon GuardDuty, and AWS SecurityHub while extending its Amazon Inspector functionality. These new integrations will help customers to better understand and manage vulnerabilities across their Amazon Web Services (AWS) infrastructure. By connecting to both AWS first-party and ISV-third party security solutions, Axonius provides comprehensive visibility and management of assets across AWS cloud, multi-cloud, and on-premises. The latest integrations provide the following capabilities: Identify Exposed Amazon S3 Buckets: Axonius fetches findings from Amazon Macie to help customers identify exposed Amazon S3 buckets to maintain data integrity and compliance. Detecting Malicious Activity & Compromised Security Controls: By integrating with Amazon GuardDuty, Axonius helps customers detect malicious activity to protect AWS accounts, workloads, and data and help them understand which assets have compensating security controls. Helping Meet Security Best Practices: With insights from AWS SecurityHub, customers can compare against correlated data to verify whether assets that don't meet best practice standards have a compensating security control. Comprehensive View of Cloud Security Posture: Axonius delivers a complete inventory of assets from more than 450 correlated data sources giving customers a comprehensive view of their cloud security, including vulnerability data from Amazon Inspector. "As companies continue to shift workloads to the cloud, they're also increasingly leveraging cloud provider-native security service offerings. "Yet customers are still exhausted by the highly-manual, slow, and error-prone processes that negatively impact their risk mitigation, threat management, and compliance. With Axonius and AWS, customers finally have a unified view of their assets while dramatically strengthening their security posture." Mark Daggett, Vice President of Worldwide Channels and Alliances at Axonius About Axonius Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers gaps, and automatically validates and enforces policies. Deployed in minutes, the Axonius cyber asset attack surface management (CAASM) solution integrates with hundreds of data sources to give customers the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, automating response actions, and informing business-level strategy. Cited as one of the fastest growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of devices for customers around the world.

Read More

SOFTWARE SECURITY

Cowbell Cyber Unveils Cyber Risk Heatmap

Cowbell | May 26, 2022

Cowbell Cyber, the leading supplier of cyber insurance for small and medium-sized businesses (SMEs), announced the availability of its Cyber Risk Heatmap today. The Heatmap—the market's most data-rich and dynamic assessment of cyber risk portfolios—gives rapid insight into the distribution of covered risk across Cowbell's agencies and brokers, insurance and reinsurance partners, and underwriters' portfolios. Cowbell and its partners can now establish a balanced book of business, manage growth for profitability, and reduce the overall risk profile of each portfolio thanks to better visibility. As per a recent Cowbell study, 71% of policyholders want their cyber insurance provider to provide advice to reduce risk exposure. The difficulties of regularly monitoring cyber risk at the portfolio and individual account levels lead to risk selection blind spots. Cowbell proves its creativity by removing these shortcomings at the portfolio level for all stakeholders. As a result, the frequency and severity of reported claims are reduced. Cowbell's continually monitored risk pool currently includes 24 million SMEs, accounting for 75% of the total SME market in the United States. In a world where cyber insurance is becoming harder to obtain due to the volatile nature of cyber risks, Cowbell Cyber Heatmap allows us and our partners to quickly analyze the standing of any insurance book of business. The innovation Cowbell has brought to the cyber insurance landscape has, once again, allowed us to remain steadfast in our approach to properly assess and cover risk in the most rigorous manner." Rajeev Gupta, co-founder, and chief product officer at Cowbell Cyber. The Cowbell Variables underpin the Heatmap, a collection of risk rating factors that analyze the organization's cyber risk in real-time and then match it to the most applicable coverage for the company. Cowbell's Cyber Risk Framework provides the underlying technology, which involves security controls from multiple standards, including the NIST Cyber Security Framework, COBIT, the Payment Card Industry Data Security Standard (PCI DSS), and the most recently revised NIST Cybersecurity Supply Chain Risk Management (C-SCRM) program, augmented by Cowbell's proprietary controls. Cowbell's Cyber Risk Heatmap is free to all of Cowbell's 16,000 agency producers and is constantly updated to incorporate the most recent risk profile data to assure accuracy.

Read More

INFOSEC PROJECT MANAGEMENT

CyberCube Partners With Kroll to Launch Response Service

CyberCube | May 31, 2022

CyberCube, a supplier of cyber risk analytics, has developed CAERS, a new cyber incident response service for customers of the company's SaaS products. CyberCube will collaborate with Kroll, the premier supplier of data, technology, and insights linked to risk, governance, and growth, to offer CyberCube's customers information and assistance on important cyber aggregation events via the Cyber Aggregation Event Response Service (CAERS). Kroll will deliver frontline risk information derived from thousands of incident response cases handled each year. Following a large cyber disaster, the CAERS team will provide the most recent information to CyberCube's customers, while CyberCube's SaaS tools, including Broker Manager, Account Manager, and Portfolio Manager, will aid in the reaction to any developing cyber calamity. “With cyber events becoming increasingly common, the speed and accuracy with which organisations respond to them is critical. That’s why we’ve launched this response service, specifically tailored to CyberCube’s growing client base. The pressure on our clients during a major cyberattack can be extreme. With CAERS, our team—comprising data scientists, actuaries, engineers, economists and cyber security experts—will become an extension of our clients’ teams, providing the updates they need and sharing both our expertise and data.” Darren Thomson, CyberCube’s Head of Cyber Intelligence Services Benedetto Demonte, Chief Operating Officer for Kroll’s Cyber Risk practice, said: “We’re pleased to be contributing to CAERS because effective incident response depends on the most current and relevant threat intelligence available. In our most recent Threat Landscape Report, we saw a 356% growth in the number of attacks quarter-on-quarter where the infection vector was a zero-day or freshly announced software exploit. Ransomware groups have also been found to be leveraging newly announced vulnerabilities just days after release. It is only with access to frontline intelligence that firms can prioritize resources, mitigate the risk of a cyberattack and react appropriately if the worst happens.”

Read More