
API Security Should Be Your Priority in 2022

API security is the application of security best practices to APIs, which are widely used in modern applications. It encompasses API access control and privacy, as well as the detection and remediation of attacks on APIs, such as API reverse engineering and the exploitation of API vulnerabilities.

Whether an application serves consumers or any other audience, the client side (a mobile or web app) interacts with the server side via an Application Programming Interface (API). APIs make it simple for a developer to create a client-side app, and they enable microservice architectures as well.

An attack on an API could include bypassing the client-side application to disrupt the application for other users or to compromise private information. API security is concerned with securing this application layer and addressing what can happen when a malicious actor interacts with the API directly.

According to Infosecurity Outlook, “by 2023, API abuses will be the most common attack vector resulting in data breaches for enterprise web applications. To avoid these attacks, it is best to take a continuous approach throughout the API development and delivery cycle, designing security into APIs.”

Features of API Security

API security is concerned with securing the APIs that you expose, directly or indirectly. It is less concerned with third-party APIs that you consume, though analyzing outgoing API traffic can still yield valuable insights.

It’s also worth noting that API security as a practice involves several teams and systems. API security includes network security concepts like rate limiting and throttling, as well as data security, identity-based security, and monitoring.

Technology advancements such as cloud services, API gateways, and integration platforms enable API providers to secure APIs in novel ways. The technology stack you use to build your APIs has an impact on how secure they are.

Larger organizations have many departments, each of which may develop its own applications using its own APIs. Large organizations also end up with multiple API stacks, or API silos, because of mergers and acquisitions.

As we know, API security requirements can be directly mapped to the technology of a single silo when all your APIs are contained within it. In the future, these security configurations should be portable enough to be extracted and mapped to another technology.

However, in heterogeneous environments, API security rules are typically defined using API security-specific infrastructure that operates across these API silos. The connectivity between API silos and API security infrastructure can be achieved by using sidecars, sideband agents, and APIs integrated between cloud and on-premises deployments.

API Discovery

There are numerous barriers that prevent security operatives from having full visibility into all APIs exposed by their organization. API silos reduce API visibility by providing only a subset of APIs under disconnected governance.

API discovery is a race between API providers and attackers, who will readily exploit APIs once they discover them. API traffic metadata can be used to locate APIs before attackers discover them. This information is extracted from API gateways, load balancers, or directly from inline network traffic, and then fed into a specialized engine that generates a list of APIs that can be compared against the API management layer’s catalogues.

OAuth and API Access Control

To limit API resources to only those users who should be able to access them, the user, as well as any application acting on their behalf, must be identified. This is typically accomplished by requiring client-side applications to include a token in API calls to the service, which can then validate that token and retrieve user information from it. OAuth is the standard that describes how a client-side application first obtains an access token; it defines numerous grant types to accommodate different flows and user experiences.
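The validation step described above, as an added example that is not part of the original article: a resource server receives an HS256-signed, JWT-style access token and checks its shape, algorithm, signature, expiry and granted scope before trusting the user identity inside it. The shared secret, the subject names and the scope names are constructed for the demo; a real deployment would load its verification key from configuration (or use the issuer’s public key for asymmetric tokens).

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret for this demonstration only.
DEMO_SECRET = b"demo-hs256-secret-not-for-production"


class TokenError(Exception):
    """Raised when a presented token must be rejected (the API answers 401 or 403)."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, subject: str, scopes: list, lifetime_s: int, now: int = None) -> str:
    """What the authorization server does at the end of an OAuth grant: mint an HS256
    access token carrying the user (sub), the granted scopes and an expiry (exp)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "scope": " ".join(scopes), "iat": now, "exp": now + lifetime_s}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def validate_token(secret: bytes, token: str, required_scope: str, now: int = None) -> dict:
    """What the API (resource server) does on every call: verify the token and return its
    claims, or raise TokenError. Checks run in order: shape, algorithm, signature, expiry, scope."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        presented_sig = _b64url_decode(sig_b64)
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all derive from ValueError
        raise TokenError("undecodable token") from exc
    # Pin the algorithm: never let the token itself choose (e.g. "none") how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected algorithm")
    expected_sig = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(presented_sig, expected_sig):  # constant-time comparison
        raise TokenError("bad signature")
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise TokenError("token expired or missing exp")
    granted = set(str(claims.get("scope", "")).split())
    if required_scope not in granted:
        raise TokenError(f"scope {required_scope!r} not granted")
    return claims


def outcome(secret: bytes, token: str, required_scope: str, now: int) -> str:
    """Convenience wrapper: the reason a request would be rejected, or 'ok'."""
    try:
        validate_token(secret, token, required_scope, now)
        return "ok"
    except TokenError as exc:
        return str(exc)


if __name__ == "__main__":
    tok = issue_token(DEMO_SECRET, "alice", ["orders:read"], lifetime_s=3600, now=1_000)
    print(outcome(DEMO_SECRET, tok, "orders:read", now=2_000))    # ok
    print(outcome(DEMO_SECRET, tok, "orders:write", now=2_000))   # scope not granted
    print(outcome(DEMO_SECRET, tok, "orders:read", now=10_000))   # expired
    # Any change to the claims without the secret invalidates the signature.
    h, _, s = tok.split(".")
    tampered = dict(validate_token(DEMO_SECRET, tok, "orders:read", now=2_000), sub="admin")
    tampered_b64 = _b64url_encode(json.dumps(tampered, separators=(",", ":")).encode())
    print(outcome(DEMO_SECRET, f"{h}.{tampered_b64}.{s}", "orders:read", now=2_000))  # bad signature
```

The order of the checks matters: the algorithm is pinned and the signature is verified before any claim is trusted, so expiry and scope are only ever read from a token the issuer actually signed.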

API Data Governance and Privacy Protection

API leaks occur because data flows through APIs. As a result, API security must also include inspecting the structured data flowing into and out of your APIs and enforcing rules at the data layer.

Because the data in your API traffic is structured predictably, inspecting API traffic is an excellent way to enforce data security. API data governance, in addition to yes/no rules, allows you to transform the structured data in your API traffic in real time for redaction purposes. This pattern is commonly used to redact specific fields that may contain information that a user’s privacy settings dictate should be hidden from the requesting application.
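Both kinds of rule from the paragraph above, as an added example that is not part of the original article: a yes/no rule that blocks any response carrying fields that must never leave the API, and a transform rule that walks a JSON response and redacts fields according to the user’s privacy settings for the requesting audience. The sample response, the privacy settings and the forbidden field names are all constructed for the demo.

```python
# Constructed sample: what a profile endpoint returns for user 42, including a nested
# object (address) and an array of nested records (friends). All values are made up.
SAMPLE_RESPONSE = {
    "id": 42,
    "display_name": "Alice",
    "email": "alice@example.com",
    "phone": "+1-555-0100",
    "address": {"street": "1 Main St", "city": "Springfield"},
    "friends": [{"id": 7, "display_name": "Bob", "email": "bob@example.com"}],
}

# Constructed privacy settings: for each sensitive field, the audiences allowed to see it.
# "self" is the account owner's own app, "friends" an app acting for a friend,
# "third_party" any other requesting application.
PRIVACY_SETTINGS = {
    "email": {"self", "friends"},
    "phone": {"self"},
    "address": {"self"},
}

# Yes/no rule: these fields must never leave the API, whatever the audience.
FORBIDDEN_FIELDS = {"password_hash", "ssn", "session_token"}

REDACTED = "[redacted]"


def redact(payload, audience, settings=PRIVACY_SETTINGS):
    """Return a copy of `payload` with every field hidden from `audience` replaced by
    REDACTED. Recurses into objects and arrays so nested records are covered too."""
    if isinstance(payload, dict):
        out = {}
        for key, value in payload.items():
            allowed = settings.get(key)
            if allowed is not None and audience not in allowed:
                out[key] = REDACTED  # transform rule: drop the value, keep the shape
            else:
                out[key] = redact(value, audience, settings)
        return out
    if isinstance(payload, list):
        return [redact(item, audience, settings) for item in payload]
    return payload  # scalars pass through unchanged


def find_forbidden(payload, forbidden=FORBIDDEN_FIELDS, path=""):
    """Return dotted paths of forbidden fields anywhere in the payload (empty if clean)."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            here = f"{path}.{key}" if path else key
            if key in forbidden:
                hits.append(here)
            hits.extend(find_forbidden(value, forbidden, here))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            hits.extend(find_forbidden(item, forbidden, f"{path}[{i}]"))
    return hits


def enforce(payload, audience):
    """Gateway decision for an outbound response: (allowed, body_to_send, reason)."""
    leaks = find_forbidden(payload)
    if leaks:
        # The yes/no rule fails closed: block the whole response rather than patch it.
        return False, None, f"blocked: forbidden fields {leaks}"
    return True, redact(payload, audience), "ok"


if __name__ == "__main__":
    print(enforce(SAMPLE_RESPONSE, "third_party"))
    print(enforce({"id": 1, "profile": {"ssn": "000-00-0000"}}, "self"))
```

Redaction keeps the field present with a marker value rather than deleting it, so client applications see a stable schema whatever the audience; the forbidden-field rule, by contrast, rejects the whole response because a field like a password hash has no legitimate reason to be in API output at all.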

API Threat Identification

API threat detection is a logical extension of general threat protection measures. APIs, for example, are frequently protected by a firewall, which provides some basic security. APIs are sometimes protected by a web application firewall (WAF). A WAF may scan API traffic to detect signature-based threats such as SQL injection and other injection attacks. API gateways also play a role in API-specific threat detection. A gateway may impose a strict schema on inbound requests as well as general input sanitization. In addition to acting as a policy enforcement point, it can look for deep nesting patterns and XML bombs and apply rate limits.
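The gateway-side checks named above, as an added example that is not part of the original article: a per-client token-bucket rate limit, a body size limit, a nesting-depth check applied to the raw JSON text before it is parsed, and a strict schema that rejects wrong types and unexpected fields. The schema, the limits and the client identifiers are constructed for the demo; XML entity expansion (the "XML bomb" case) is not covered here because the example handles JSON bodies only.

```python
import json

MAX_BODY_BYTES = 4096   # assumed limit for this demo
MAX_DEPTH = 20          # assumed nesting limit

# Constructed schema for a POST /orders body: required fields with their types,
# optional fields, and nothing else accepted.
ORDER_SCHEMA = {"required": {"sku": str, "qty": int}, "optional": {"note": str}}


def nesting_depth(raw: str) -> int:
    """Deepest bracket nesting in raw JSON text, measured before parsing so a
    deliberately deep body is rejected without ever recursing through it."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in raw:
        if in_string:                 # brackets inside string literals do not count
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def schema_errors(body, schema=ORDER_SCHEMA) -> list:
    """Strict schema check: every required key present with the right type,
    only known keys allowed. Returns a list of human-readable problems."""
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    errors = []
    allowed = {**schema["required"], **schema["optional"]}
    for key, value in body.items():
        expected = allowed.get(key)
        if expected is None:
            errors.append(f"unexpected field {key!r}")
        elif (not isinstance(value, expected)) or (isinstance(value, bool) and expected is int):
            errors.append(f"field {key!r} must be {expected.__name__}")  # bool is not an int here
    for key in schema["required"]:
        if key not in body:
            errors.append(f"missing field {key!r}")
    return errors


class TokenBucket:
    """Per-client token bucket: `capacity` burst, refilled at `refill_per_s` tokens per second."""

    def __init__(self, capacity: int, refill_per_s: float):
        self.capacity, self.refill_per_s = capacity, refill_per_s
        self.state = {}  # client -> (tokens, last_seen)

    def allow(self, client: str, now: float) -> bool:
        tokens, last = self.state.get(client, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.refill_per_s)
        if tokens >= 1.0:
            self.state[client] = (tokens - 1.0, now)
            return True
        self.state[client] = (tokens, now)
        return False


class Gateway:
    """Policy enforcement point in front of the API: rate limit, size, nesting, parse, schema,
    in that order so the cheapest checks run first."""

    def __init__(self, capacity: int = 100, refill_per_s: float = 10.0):
        self.limiter = TokenBucket(capacity, refill_per_s)

    def check(self, client: str, raw_body: str, now: float) -> tuple:
        if not self.limiter.allow(client, now):
            return 429, "rate limited"
        if len(raw_body.encode()) > MAX_BODY_BYTES:
            return 413, "body too large"
        if nesting_depth(raw_body) > MAX_DEPTH:
            return 400, "nesting too deep"
        try:
            body = json.loads(raw_body)
        except ValueError:
            return 400, "invalid json"
        errors = schema_errors(body)
        if errors:
            return 400, "schema: " + "; ".join(errors)
        return 200, "ok"


if __name__ == "__main__":
    gw = Gateway(capacity=2, refill_per_s=1.0)
    for body in ('{"sku":"A-1","qty":2}', '{"sku":"A-1","qty":"2"}', "[" * 100 + "]" * 100):
        print(gw.check("client-1", body, now=0.0))
```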

API Analytics and Behaviour

An AI engine can build a model of what normal API traffic looks like from API traffic metadata and then use this model to look for anomalous behavior. These anomalies can aid in the detection of ongoing attacks, but they can also indicate system misbehavior and other non-malicious disruptions to your services, such as friendly fire. Such a layer can pinpoint the source of the attack or misbehavior by analyzing API traffic metadata, and this information can then be used to stop the incident in progress and fix it.
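A minimal version of the baseline-and-anomaly approach described above, as an added example that is not part of the original article: a baseline of per-client request rates and known routes is built from a quiet window of gateway log lines, and a later window is scored against it for rate spikes, high error ratios and routes never seen before, with the offending client identified as the source. The log format, the client identifiers and the traffic are all constructed for the demo; the statistical model is a simple z-score rather than the AI engine the text refers to.

```python
import re
import statistics
from collections import defaultdict

# Constructed gateway access-log format: traffic metadata only (timestamp, client,
# path, status), which is all the detector needs.
LINE_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) path=(?P<path>\S+) status=(?P<status>\d+)$")


def make_baseline_log():
    """Five quiet minutes: three clients, ten calls a minute each, all 200s (constructed)."""
    lines = []
    for minute in range(5):
        for client in ("c1", "c2", "c3"):
            for i in range(10):
                path = "/api/orders" if i % 2 else "/api/profile"
                lines.append(f"2022-01-10T10:0{minute}:{i:02d}Z client={client} path={path} status=200")
    return lines


def make_live_log():
    """One later minute: the same three clients plus c9 walking /api/users/<n> and getting 404s."""
    lines = []
    for client in ("c1", "c2", "c3"):
        for i in range(10):
            path = "/api/orders" if i % 2 else "/api/profile"
            lines.append(f"2022-01-10T10:10:{i:02d}Z client={client} path={path} status=200")
    for i in range(60):
        lines.append(f"2022-01-10T10:10:{i:02d}Z client=c9 path=/api/users/{i} status=404")
    return lines


def normalize_path(path: str) -> str:
    """Collapse numeric path segments so /api/users/17 and /api/users/18 count as one route."""
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))


def aggregate(lines):
    """Features per (client, minute): request count, error count, set of routes."""
    feats = defaultdict(lambda: {"count": 0, "errors": 0, "paths": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate lines the parser does not understand
        key = (m["client"], m["ts"][:16])  # minute bucket: YYYY-MM-DDTHH:MM
        f = feats[key]
        f["count"] += 1
        f["errors"] += int(int(m["status"]) >= 400)
        f["paths"].add(normalize_path(m["path"]))
    return feats


def build_baseline(lines):
    """Model of normal traffic: per-client-minute rate distribution and the routes ever seen."""
    feats = aggregate(lines)
    counts = [f["count"] for f in feats.values()]
    known = set().union(*(f["paths"] for f in feats.values()))
    return {"mean": statistics.mean(counts), "std": statistics.pstdev(counts), "known_paths": known}


def detect(lines, baseline, z=3.0, max_error_ratio=0.5):
    """Score a live window against the baseline. Each finding names the client-minute,
    which is what pinpoints the source for the response team."""
    threshold = baseline["mean"] + z * max(baseline["std"], 1.0)  # floor std so a flat baseline still works
    findings = []
    for (client, minute), f in sorted(aggregate(lines).items()):
        reasons = []
        if f["count"] > threshold:
            reasons.append(f"rate {f['count']}/min above {threshold:.1f}")
        ratio = f["errors"] / f["count"]
        if ratio > max_error_ratio:
            reasons.append(f"error ratio {ratio:.2f}")
        unseen = f["paths"] - baseline["known_paths"]
        if unseen:
            reasons.append(f"routes never seen in baseline: {sorted(unseen)}")
        if reasons:
            findings.append({"client": client, "minute": minute, "reasons": reasons})
    return findings


if __name__ == "__main__":
    baseline = build_baseline(make_baseline_log())
    for finding in detect(make_live_log(), baseline):
        print(finding)
```

Normalizing numeric path segments is what turns sixty distinct URLs into one unseen route, and combining three independent signals (rate, error ratio, unseen routes) is what lets the same finding also cover the non-malicious case the text mentions, such as a misconfigured internal client hammering a renamed endpoint.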

Conclusion

APIs are prized targets for malicious actors and are expected to become the primary attack vector. APIs require a dedicated approach to security and compliance due to the critical role they play in digital transformation and the access they provide to sensitive internal data and systems.


Stellar Cyber Universal EDR Enhances Event And Alerts Data Across EDR Solutions

Stellar Cyber has released Universal EDR, an open, heterogeneous Endpoint Detection and Response (EDR) system that optimizes and augments event and alert data from any single EDR, or combination of EDRs, from any vendor.

Data from various EDRs is analyzed using the Stellar Cyber Open XDR platform, resulting in cohesive, low-noise findings regardless of EDR source. As a result, high-fidelity detection of real-world threat activity is operationalized for quick and effective response.

Universal EDR protects the accessibility of the Stellar Cyber platform while integrating data from third-party EDRs or multiple EDRs as if they were incorporated directly into the platform. Companies can switch or use different EDRs at the same time, and Universal EDR will automatically calibrate the data for overall exact attack detection.

Senior Principal Analyst and ESG Fellow, Jon Oltsik said, “With this announcement, Stellar Cyber can enable enterprises and MSSPs to retain investments in and increase the value of any existing EDR tool within an XDR environment. Users can now enhance their favorite EDR tools with full integration into an XDR platform, combining their EDR data with telemetry from other security tools and obtaining greater visibility.”

Universal EDR from Stellar Cyber provides convenient EDR integration and data optimization without the need for manual integration, significantly reducing time to value. At the same time, Stellar Cyber enhances existing EDR security technologies, allowing SOC teams to act more swiftly on results from existing EDRs or to supplement that data with vital alert data from other essential systems.

VP of Product Management at Stellar Cyber, Sam Jones said, “Some XDR vendors can do one-way or even two-way integrations between their core platform and third-party EDR products, but that’s not really enough to ensure accurate detection and response – it requires careful study and treatment of EDR alert and event data with critical enrichment to evolve from simply alerting to truly informing. In addition, as environments change and evolve, a company may need more EDR integrations. With Universal EDR, our platform performs automated integration, customized data processing, and event correlation to deliver the best detections and faster responses regardless of which EDR product is being used.”

Founder and CTO at Stellar Cyber, Aimei Wei said, “For a company that doesn’t build an in-house EDR, we find ourselves at the leading edge of endpoint-based security research. This gives our customers full confidence that they can integrate their EDR of choice and get outstanding results through the Stellar Cyber Open XDR platform.”

Blackcloak Launches New Deception Technology To Detect Cyberattacks On Executives And High-Profile Individuals

BlackCloak, Inc., the Concierge Cybersecurity & Privacy Protection Platform for Leaders and High-Profile People, introduced exclusive deception technology to detect attackers’ blatant tactics to compromise a member’s privacy, home networks, or personal devices.

BlackCloak’s deception technique, often known as a honeypot, lures attackers into engaging with a service that replicates a real home network. The data that appears to be within cybercriminals’ reach draws them in. When an attack is identified, BlackCloak’s deception technology notifies the firm’s Security Operations Center (SOC), which can investigate and act before any damage is caused.

“Our members are increasingly exposed to sophisticated cyberattacks. Hackers are diversifying their preferred attack vectors beyond corporations and supply chain partners to include executives, high-net-worth individuals and high-profile individuals, many of whom have easily exploitable vulnerabilities in their personal digital lives. Advanced deception technology increases our ability to proactively detect, mitigate, and respond to threats before they manifest. It is the perfect complement to BlackCloak’s other concierge cybersecurity and privacy services,” said Dr. Chris Pierson, BlackCloak Founder & CEO.

BlackCloak’s deception engine, which has been operational with existing clients since earlier this year, has already detected malicious activity in home environments. BlackCloak, the leader in digital executive protection, is the first cybersecurity and privacy firm to bring enterprise-grade honeypot technology to clients.

“BlackCloak’s design and implementation of deception technology into the personal lives of corporate executives further strengthens their concierge platform. The ability to know an adversary might be lurking inside the footprint of their digital home independent of other common controls is game changing,” said Bob Ackerman, Co-Founder of DataTribe.

BlackCloak is a digital executive protection leader with an aim to secure digital life. In order to accomplish this, the company is developing a comprehensive, SaaS-based cybersecurity and privacy platform with a concierge experience. BlackCloak helps real people protect their personal and corporate reputations, finances, and information by employing technology to secure their homes, gadgets, and internet presence. BlackCloak focuses on high-profile people who have limited time and a lot to lose. BlackCloak ensures that everything they do is seamless and discreet.

Deception Technology – How It Works

Deception technology creates traps or decoys that mimic an organization’s technology assets, such as servers, databases, employee sessions, and passwords. This makes it difficult for attackers to tell the difference between real and fake. These decoys can run in a real or virtual operating system environment.

How Deception Technology Works

Deception technology detects intruders as they make their first move within an organization’s network by taking advantage of the fact that attackers follow a predictable pattern after gaining access: surveillance and exploitation. Attackers no longer have the luxury of moving freely within a network and returning to the same network several times, using the same exploits and resources each time. Instead, they are pushed to devote more money, time, and effort to their attempts, and they must constantly worry about making a mistake. Deception, in other words, creates a hostile environment for attackers, one in which using malicious software or exploiting a vulnerability on the wrong target means the attack is over, because the attackers are fingerprinted. Signatures and patterns of their attacks are created and circulated across the organization. Methods used by deception technology include baiting, monitoring, fingerprinting, and analyzing.

Understand Attacker’s Actions and Motivation

Every day, attackers develop new attack strategies and tools. The use of these new tools has forced companies’ security analyst teams to extend their threat detection procedures from classic network attacks to web service applications and cloud security in order to address a wide range of attack techniques. Understanding attackers’ strategies, on the other hand, does not by itself prevent attacks, breaches, or harm. Security teams planning deception use this information to increase the probability of triggering a deceptive “trap”, and the information gathered from a trap gives them an idea of the attackers’ motives.

Deception Technology Vs Honeypots

When people hear the term “deception technology”, a common misunderstanding is that it is just a honeypot. Honeypots are only one part of deception technology. For example, tokens are pieces of information intended to be picked up by attackers gathering information for their next move. They exist purely for detection: these pieces of information aren’t part of the organization’s normal operations, so anyone who touches them is likely doing so maliciously.
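The detection side of the tokens described above, as an added example that is not part of the original article: decoy credentials are planted in places a legitimate client never reads, and a detector watching the API gateway log raises an alert whenever one of them is presented, naming the source address and the planted location (which tells responders which asset the intruder has already reached). The decoy values, their planted locations, the log format and the addresses (from the documentation ranges) are all constructed for the demo.

```python
import hashlib
import re

# Constructed decoys and where each was planted (assumed locations for this demo).
# No legitimate client ever uses these values, so any use of one is a detection.
DECOY_PLACEMENTS = {
    "canary-api-key-7f3e": "config/legacy-backup.env in the intranet-tools repository",
    "canary-svc-token-22b1": "/etc/app/old-credentials.conf on host build-01",
}

# The detector keeps only hashes: the detection rule itself should not be a list of usable secrets.
DECOY_FINGERPRINTS = {
    hashlib.sha256(value.encode()).hexdigest(): where for value, where in DECOY_PLACEMENTS.items()
}

# Constructed gateway log lines: timestamp, source address, route, presented credential, result.
SAMPLE_LOG = [
    '2022-03-01T09:12:40Z src=198.51.100.23 path=/api/orders auth="Bearer real-user-token-a81" status=200',
    '2022-03-01T09:12:44Z src=203.0.113.5 path=/api/export auth="Bearer canary-api-key-7f3e" status=401',
    '2022-03-01T09:12:45Z src=203.0.113.5 path=/api/admin/users auth="ApiKey canary-svc-token-22b1" status=401',
    '2022-03-01T09:13:02Z src=198.51.100.23 path=/api/profile auth="Bearer real-user-token-a81" status=200',
]

LINE_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) path=(?P<path>\S+) auth="(?:Bearer |ApiKey )?(?P<cred>[^"]+)" status=\d+$'
)


def fingerprint(credential: str) -> str:
    return hashlib.sha256(credential.encode()).hexdigest()


def check_credential(credential: str):
    """Return where the decoy was planted if `credential` is one of ours, else None."""
    return DECOY_FINGERPRINTS.get(fingerprint(credential))


def scan_log(lines):
    """Turn every use of a decoy credential into an alert. The request was already
    refused (the decoy is not a valid credential); the alert is the point."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate lines the parser does not understand
        planted_at = check_credential(m["cred"])
        if planted_at:
            alerts.append({"ts": m["ts"], "src": m["src"], "path": m["path"], "planted_at": planted_at})
    return alerts


def sources_to_contain(alerts):
    """Distinct source addresses seen using decoys, for handing to the SOC."""
    return sorted({a["src"] for a in alerts})


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
    print(sources_to_contain(scan_log(SAMPLE_LOG)))
```

Because the decoys are never part of normal operations, this rule has essentially no false positives; the value of the alert is in the planted location, which turns a refused login into knowledge of which file or host was already read.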

AI-based Interactive Deception Technology

Artificial intelligence-based deception technology can help security teams detect, monitor, learn, and adapt to attackers’ techniques. The deception platform gathers a great deal of information about attackers during an engagement by using high-interaction decoys based on real operating systems. This data is used to generate forensic reports and automate the security response, decreasing response time. With machine learning algorithms applied to these activities, deception technology becomes more accurate and intelligent.

Technology Integration

It is also crucial to evaluate the effectiveness of existing security controls and technologies. Deception can integrate with existing security technologies or leverage their features, such as security reports. Deception technology can report to centralized detection solutions such as Security Information and Event Management (SIEM) or Intrusion Detection Systems (IDS), and it can also take advantage of other technologies such as firewalls. Deception technology is easy to deploy and can scale up as an organization’s needs grow.

An organization’s security team must be right 100 percent of the time, while an attacker needs to be right only once, and that one success costs an enterprise dearly. This illustrates the problem security teams face. Deception technology changes the picture: to evade it, attackers must be right 100 percent of the time, and the security team learns from each detected attack. The most crucial advantage an organization gains from deception technology is that it protects real resources and reduces the probability of a breach with the help of decoys, resulting in large cost savings.