The rise of microservices and serverless applications has enabled developers to build apps at scale and with less complexity at lower costs. But these new modern apps also come with a new set of issues and problems developers have to be concerned about.
Data Theorem today announced new automated API solutions aimed at addressing threats in serverless and microservices applications.
“Protecting web APIs with traditional application security solutions alone is ineffective… New APIs are being added and consumed by organizations on an ongoing basis, meaning that API security is not a one-time exercise… Application and application security leaders responsible for application strategies and governance should adopt a continuous approach to API security with ongoing discovery, monitoring and securing of APIs,” Gartner senior director Mark O’Neil wrote in the organization’s How to Build an Effective API Security Strategy report.
API Discover is a continuous automated discovery service that will focus on finding new APIs, changes to new and existing APIs and other cloud services related to APIs. API Inspect is a continuous automated security service that will focus on finding potential vulnerabilities in authentication and encryption layers.
Together, the API security solutions solutions will address security concerns such as shadow APIs, serverless apps and API Gateway cross-check validation with continuous security assessments on API authentication, encryption, source code and logging, the company explained. In addition, they support Amazon’s Lambda and API Gateway tools as well as standards like Swagger and Open API 3.0. If a user’s API authentication or encryption levels do not match the declared specification, the tools will alert users of any vulnerabilities or insufficient security protection. Other alerts will include the creation of APIs built on serverless frameworks as well as an automated security analysis of the new APIs.
“We saw the need for API security independent of mobile applications that was necessary for the growth in secure modern applications beyond mobile, such as serverless applications. Today’s launch uniquely addresses security concerns in today’s modern application era,” said Himanshu Dwivedi, founder and CEO of Data Theorem.