Announcing General Availability of Cequence API Sentinel 2.0

May 5, 2021 | by Subbu Iyer

Today we are happy to announce the general availability of version 2.0 of Cequence API Sentinel. This release brings to market several exciting new capabilities requested by our customers, enabling them to continuously discover, monitor and protect their APIs.

Below is a summary of the major new features in this release.

Sensitive Data Exposure Dashboard

Among the threats in the OWASP API Security Top 10, #3, Sensitive Data Exposure, is emerging as one of the most compelling use cases driving enterprise teams to monitor the compliance risks that public-facing APIs introduce. Based on API Sentinel customer feedback, a new dedicated dashboard has been added to monitor sensitive data exposure. This Sensitive Data Exposure dashboard provides at-your-fingertips access to holistic information about the APIs exposing sensitive data, the types of sensitive data being exposed, the manner in which they are being exposed, and the API clients receiving such data. The dashboard can also be filtered for consumption by different teams, to allow visibility into different groups of APIs, sensitive data expressions, time periods, and other parameters.

We also added new out-of-the-box sensitive data heuristics, as well as the ability for customers to fine-tune and customize these heuristics for their API requests and responses.

Automation of API Spec Management

To automate the ingestion of API specifications from distributed teams, API Sentinel now supports new APIs for managing API specifications from within CI/CD pipelines. Because spec management can be completely integrated into those pipelines, the need for manual intervention is eliminated.

Operationalizing Remediation Using Security Risk Metrics

A rich set of metrics is now dynamically published by API Sentinel for all the risk categories that discovered APIs are evaluated against. The published metrics are accessible in an out-of-the-box Grafana dashboard or can be consumed by external enterprise analytics systems. Real-time risk monitoring allows customers to configure prompt remediation actions, such as generating alerts via Slack, Email, PagerDuty and other supported channels to different teams, such as DevOps or app developers. This enables customers to take steps towards mitigating API security risks promptly.

Kubernetes Support to Discover Microservices APIs

Cequence can now be deployed in Kubernetes environments, which enables customers to discover and monitor APIs from within their microservices environments. Cequence Data-plane containers now support integration with ingress controllers and micro API gateways, thereby enabling customers to automate the discovery and monitoring of APIs developed and exposed in microservice deployments.

Large enterprises have APIs that fall loosely into three buckets. First, there are APIs that are developed and exposed in both on-premises and public cloud environments. Second, there are APIs for existing, legacy applications exposed publicly via API gateways, load balancers and CDNs. Finally, there are newer applications and APIs developed and exposed from within microservices environments, hosted in service mesh deployments and exposed via ingress controllers.

Kubernetes support enables API Sentinel integration from the enterprise edge, where it can integrate directly with CDNs, to microservices deployments, including any proxy or gateway between the edge and service mesh deployments.

Other Improvements

Aggregated API Risk Groupings

The UI has been enhanced to group APIs by High, Medium and Low risk scoring. This allows a risk analyst to rapidly focus on or navigate to the specific API endpoints that are posing the security risk, and to see the underlying reasons.

Additional Rule Conditions for Custom Risk Categories

Custom Risk Categories now support several additional rule conditions, including request, response and HTTP Method. These help customers create targeted risk categories to detect specific conditions that should be monitored.

Besides the above, several other minor improvements are part of the new 2.0 release. We are excited to bring these new capabilities to market, allowing our customers to rapidly discover, monitor and protect their APIs.


Author: Subbu Iyer, Vice President of Product Management
