API Security Solutions Are Similar to “Theranos”

Shay Levi
Dec 25, 2020

One of the hottest trends in cybersecurity is API security, and for good reason. Security organizations have realized APIs are indeed everywhere: in all of their cloud environments and in their datacenters. They’re used to communicate with customer interfaces such as web and mobile apps, or with suppliers and business partners through server-to-server communication. They are used for automation and for administration; we can go as far as saying that any piece of code written in the last three years is either using or exposing an API.

This explosion of APIs comes with many challenges for the average security organization. More often than not, APIs are being developed rapidly (we live in a fast world) and mistakes are very common. Those mistakes can be design flaws, misconfigurations and vulnerabilities such as faulty authorization. It would be impossible to find an organization that is well aware of all the APIs in its environment, especially the ones that aren’t routed through the central gateway, let alone the data that goes through each of those APIs and who is permitted to access the API or the data behind it.

How does that relate to Theranos? In case you’ve been living in a cave for the past 5 years, Theranos was a “breakthrough” technology company that claimed to have devised blood tests that required only very small amounts of blood and could be performed very rapidly using small automated devices the company had developed. The only problem? The device didn’t work properly and produced inaccurate results. It turns out the tiny sample of blood is actually not enough.

In a very similar fashion, API security solutions are boasting about their “breakthrough” AI models, claiming you’ll never worry about your APIs again. The problem is, just like Theranos, those companies are relying on a very narrow window into your environment: they integrate only with your central API gateway, provide you with a very simplistic view of inventory, and then bombard you with “threats” or “attackers” that are mostly false and not very actionable.

Sound familiar? A complete and superior solution is now available. We at Noname Security recognized the problem as it truly is: it is complex and requires a unique approach and architecture. This is why we created our platform which, though difficult to develop, is simple to use and requires no agents and no network modifications on our customers’ end. We provide real value and solve the real issue of API security. Interested in learning more?

➡️ Schedule our Demo

This post first appeared on the Noname Security blog at https://nonamesecurity.com/blog/looking-for-an-api-security-solution-beware-of-the-new-theranos
