The Cequence API Security platform v5.1 release combines the Bot Defense and API Sentinel capabilities into a single integrated release and adds new capabilities to streamline administration and enhance API vulnerability and automated bot attack mitigations.
The key new features in v5.1 are:
Enhanced Role-based Access Control
Administrators can now delegate access to the Cequence dashboard, enabling users to access specific functions and roles. Such users may log in to the Cequence dashboard with access only to certain Bot Defense functions, API Sentinel functions, or a combination of both. This enables administrators to limit users' access based on their granted roles, thus reducing the risk of unauthorized configuration or policy changes.
SIEM and SOAR Analytics Enhancements
Bot Detection and Mitigation events can now be exported to an Amazon S3 bucket. Administrators can use this feature to regularly export such events to an S3 bucket from where the files can be processed by third-party analytics products. This enables administrators to process event findings using their enterprise analytics products like SIEM or SOAR systems for offline analysis.
Blocking of Bad Traffic Based on Confidence Scores
Administrators can now set policies that dynamically block bad traffic based on confidence scores computed by the Cequence API Security platform. Using this feature, administrators no longer need to manually tweak policies to add, edit or remove fingerprints or IP addresses. This feature automatically profiles incoming traffic and identifies bad fingerprints based on behavioral patterns.
Faster Identification of Attacks on Hosts and Root Causes
A new pivot has been added to the Bot Detection dashboard to pivot findings based on the Host value. This will help administrators to quickly identify the hosts that are being targeted by malicious automation or bots. New operators in the Bot Detection dashboard now allow administrators to filter the fingerprint list based on their presence or absence in certain datasets. This will allow them to be more efficient in analyzing the fingerprints of interest to get to the root cause of automated attacks faster.
Detection of Sensitive Data Exposure with Low False Positives
API Sentinel introduces new context-aware sensitive data detection using a Natural Language Processing (NLP) machine learning technique. This allows security teams to find sensitive data exposure using contextual clues (e.g., presence of keywords close to the actual detected value). This complements and extends the Regular Expression-based sensitive data detection, thereby improving the accuracy and scope of sensitive data detection out-of-the-box.
Generation of OpenAPI Specifications for Discovered APIs
In some customer deployments, enterprises end up discovering APIs using Cequence that they were unaware of, either because those APIs belonged to a legacy application that may not even have an owner anymore, or because those APIs were exposed publicly without explicit review or approvals from the security teams. This recently happened at a customer, one of the largest telcos in the US: three internal API endpoints were accidentally exposed to the public and were detected by Cequence on Day 1 to avoid leakage of any sensitive information. In cases where specifications are incomplete, outdated, or non-existent, security teams may not have the full context of why such APIs were exposed publicly or of their security posture.
Cequence can now automatically generate OpenAPI specifications for discovered APIs. This allows security teams to baseline discovered APIs to the runtime behavior observed by Cequence, including usage of authentication and other security schemes, headers, query parameters and body payloads. Security teams can then share the automatically generated specifications with the application owners and extend the specifications to the desired security posture expected from the APIs.
Origins of Malicious Traffic Improvements
Administrators can now export the HTTP Referrer field in data export integrations to external systems such as syslog, SIEM and SOAR. This field can provide additional context about the clients that were blocked by the Cequence API Security platform to better inform security and fraud analysts about where malicious traffic was originating from.
The Cequence API Security platform is the only solution on the market that addresses the API security problem with a prevention-first approach that natively detects and mitigates billions of attacks and vulnerabilities against APIs for our F500 customers every day.