Improved API Security Through Unified API Protection and API Gateway Integration

February 13, 2023 | by Matt Keil

A Winning Trifecta: API Gateways, API Security and API Protection

The Cequence Unified API Protection solution integrates with a wide range of API gateways, complementing their API security features with API discovery, risk analysis and threat protection. API gateways are a key element in the quest for API security and API protection, acting as the focal point for API calls between the client and the application and providing standardized access control for applications, data, and services. In simple terms, API gateways are traffic managers that facilitate data exchange between APIs within and outside the business.

Secure Your APIs with API Gateways and API Security

Developers love APIs because of their inherent flexibility and power – each API includes all necessary commands, payload, and data to produce engaging user interactions. However, the widespread use and all-inclusive nature of APIs make them a high-value target for attackers, who use their developer skills to take advantage of common API security gaps that include:

  • Unknown attack surface: Most organizations are unaware of how many shadow, hidden, deprecated, zombie and 3rd-party APIs they have, leaving many unprotected.
  • New exploit opportunities: Developer errors, lack of best practices, or improper training can lead to vulnerabilities easily exploited by bad actors.
  • Breaches and disruption from automated attacks: APIs enable high-speed communication, often to back-end systems, making them prime targets for automated attacks and business logic abuse, even when perfectly coded.

API gateways are often included in the API security conversation; however, their role in protecting an organization's entire API estate is limited for several reasons. First, API gateways are often deployed across an organization, oftentimes from multiple vendors, making complete API discovery and visibility an ongoing challenge. Second, API gateway security functionality is limited to basic access control and rate limiting, falling short of the ability to uncover and protect APIs from vulnerability exploits and advanced bot attacks. Lastly, the act of mitigating an attack often requires that the API gateway signal a third-party web application firewall (WAF) or other security infrastructure component, introducing numerous challenges for security teams.

How Cequence Unified API Protection Complements API Gateways

Much like how peanut butter and jelly, or chocolate and red wine complement each other, the Cequence Unified API Protection (UAP) solution complements the native security features found in most API gateways with full API protection lifecycle coverage, eliminating any reliance on third-party tools such as a WAF. The Cequence UAP integrates with leading API gateway offerings from Apigee, Kong, MuleSoft and Software AG to provide customers with both API management and API protection. Using either an inline or passive deployment mode, or a combination of both, the Cequence UAP integrates with all your API gateways, regardless of location or vendor. Complementary features include:

  • Discover Public-Facing API Attack Surface: API development and deployment is often distributed across many groups, introducing the risk of APIs deployed outside of the API gateway purview. The Cequence UAP solution solves that challenge by continuously assessing your public-facing APIs and resources to provide an attacker's view of your organization’s attack surface, including cloud hosting services, any associated API endpoints, and servers that may be vulnerable to Log4j and LoNg4j exploits.
  • Centralized Inventory Tracking of Known and Unknown APIs: For organizations with many API gateways, the Cequence UAP solution provides centralized API visibility and inventory tracking of all the APIs that have been registered with the respective gateways. Unregistered or unknown APIs are also discovered, allowing security and development to migrate those shadow APIs to the respective API gateway to ensure security and governance policy consistency.
  • Strengthen Compliance and Data Governance Controls: Cequence extends any compliance and governance controls provided by the API gateways with proactive API risk analysis and remediation. Predefined and custom risk assessment rules help teams find and remediate coding errors that introduce sensitive data handling and authentication vulnerabilities that can lead to data governance and compliance violations.
  • Detect Sophisticated API Attacks: Going beyond basic volumetric protections that most API gateways provide, Cequence UAP uses ML-based analysis based on a threat database with millions of records and behavioral fingerprinting to detect and continually track sophisticated API attacks as they retool to evade detection.
  • Flexible, Real-Time Mitigation Responses: Real-time responses to API attacks range from basic block and rate limit to HTTP header insertion and deception, all executed per policy or per app, without reliance on integration with third-party WAFs.

Review the API gateway integration guides for Apigee, Kong, MuleSoft and Software AG to learn how the Cequence UAP complements your API gateway, much like ice cream and pie.

Matt Keil

Director of Product Marketing
