The Neosec team is delighted that we have been named as a 2022 Gartner Cool Vendor in Application Security: Protection of Cloud-Native Applications.[1]

gartner_cool_vendor_2022

Neosec is one of only three vendors included in this report. The Neosec profile is authored by Gartner Analyst Jeremy D'Hoinne. Let's dive into some insights from the report.

Why are APIs the perfect target?

Two quotes from the report[1] help explain why API’s are the perfect target:

  1. APIs are the perfect target for attackers because they form a rapidly expanding attack surface and have growing business value, but have seen slower progress in terms of defense programs and technical controls
  2. In Predicts 2022: APIs Demand Improved Security and Management[2], Gartner predicts that the explosive growth of APIs will leave most of them unmanaged and unsecure. Security teams are limited to generic web application security controls, until they add automated API discovery capabilities. Discovery is the first step toward more granular and specialized controls

Understanding why APIs are the perfect target requires explanation. Let’s take a closer look.

As per Gartner,

"Software engineering leaders are rapidly adopting APIs to improve connectivity and enable digitization, but face an increased challenge of securely managing API sprawl" also in Predicts 2022: APIs Demand Improved Security and Management (Subscription required). The report also predicts that "By 2025, less than 50% of enterprise APIs will be managed, as explosive growth in APIs surpasses the capabilities of API management tools".

Clearly, API Security is increasingly identified as a big and growing problem. The Neosec API security platform finds API vulnerabilities and threats even as the number of APIs deployed grows and the volume of API traffic increases.

Many APIs are undiscovered by security teams: This volume of shadow APIs is high. In our customer discussions we find that most do not have an accurate API inventory. The reason for this is that APIs have sometimes been rapidly deployed. The result is that some have not been evaluated for vulnerabilities so are susceptible to exploitation.

As per Gartner in the report[1]

"Who Should Care:

Any organization producing APIs that can become an “open door” to sensitive customer, employee or business data".

The openness of APIs can expose the central core of the business to the outside, allowing easy access for bad actors and means they can be exploited by business logic abuse.

If you assume that APIs are going to be abused, you must understand the baseline of acceptable usage. The problem here is that every API is unique so understanding what is normal versus abnormal behavior is difficult. This is where big data and behavioral analytics become vital.

Finally, the harsh reality is that APIs are largely undefended. Relying on other technologies like WAFs or API Gateways for security is worrying when they were never designed to provide active protection for modern APIs.

As per Gartner in the report[1]

"Who Should Care:

Application security program managers focused on virtual patches deployed on runtime controls, such as a web application firewall, as this approach has limits for emerging technologies".

With all these issues, it is easy to see why APIs are the perfect target for bad actors.

What is behavior-based anomaly detection required for API Security?

Behavior-based anomaly detection is in Neosec’s DNA: I helped invent XDR and started Neosec to apply the ideas around XDR to the API security challenge. We believe that API traffic data-centric behavioral analytics provides the fastest and most comprehensive risk detection.

API anomaly detection requires cloud scale

Everyone knows the primary benefit of SaaS: the solution is not customer managed, but, rather, delivered as a service. The Neosec SaaS implementation goes much further: we gather so much data that we leverage cloud scale to apply behavioral analytics to API traffic. Historical data enables identification of deviations from norm, and it enables human-assisted threat hunting in addition to our powerful analytics. 

Neosec fosters the DevSecOps culture

In every customer engagement, we explain to the operations team that APIs are different from their web apps, where the javascript was written by the developers. APIs are simply published and there is no control over the client end. The developers have a sense of this but perhaps not until Neosec uncovers an API abuse based on unexpected use of the API. When we alert on abuse, it enables the DevSecOps collaboration to happen within our customers. Similarly, we help uncover operational errors, such as a lack of rate-limiting configuration, which is crucial in machine-to-machine traffic, and common in North-South APIs. The ability to provide behavioral context, discover any vulnerabilities, and troubleshoot any misconfigurations enables both security professionals and developers to work closer and improve collaboration.

Behavioral analytics finds deviations from normal behavior

Understanding normal behavior is essential. This happens by evaluating every request and enriching it with additional contextual data such as geo-location. This baseline of normal behavior is continuously enhanced with each new request.

Consider this trivial example: a business partner’s traffic normally originates from a specific location over a period of weeks. Then one day the Neosec platform sees new API requests, but now from a different location. How does Neosec identify the different location? First, our data enrichment provides location. Second, the platform saves sufficient historical data to establish what is baseline normal, and our advanced analytics detect the new location. Then more behavior changes. The partner begins enumerating through each invoice that indicates the user is data scraping those invoices. This behavior is abnormal and creates an alert about data scraping and notifies that this partner’s account is compromised. 

Behavioral analytics finds context by analyzing historical data, detects changes from the baseline to understand everything that happened before, during, and after the attack. The timeline of the attack is available for review. It’s the difference between seeing a photo versus a video of a car crash. 

 API abuse is more than just discovery and identifying OWASP vulnerabilities. In advanced API threat protection, Neosec behavioral analytics detects API abuse and provides full visibility and control to see and investigate when it happened and understand the true story of the attack.

Neosec solves the main challenges of API security

Just to fill in the details about the Neosec API Security platform. We offer the following: 

  • Broad API Discovery: Neosec performs broad-based and continuous discovery. We gather API activity data. From log capture to traffic mirroring, we find all your APIs, including shadow APIs. And we don’t quit gathering because we have cloud scale. Plus, we tokenize any data you feel is sensitive before it leaves your environment.
  • Risk Posture: We cover vulnerabilities starting from the OWASP API Top 10 and well beyond into our AI.
  • Threat Detection using API Behavioral Analytics: By collecting data over time, we can establish a baseline for normal behavior, and then rapidly detect deviations from the baseline. Our analytics can identify whether deviation behavior represents API Abuse.
  • Response and Prevention: For both vulnerabilities and behavioral analysis, we have a flexible, granular response framework. We’ll forward security alerts, based on your thresholds, where you need them. We can create a JIRA for your development team. Or you can request mitigation on the supported inline devices, such as the API Gateway. You have the control to perform any required actions.
  • Threat Hunting and Investigations: The Neosec platform offers a rich user interface that enable humans to apply their experiences to the enriched and organized data, to find and investigate possible threats beyond what our powerful analytics have found.

API threat protection is finally cool!

We fear that organizations who worry about their API blindspot might not believe that API discovery, to solve their problem is enough. But the true value of advanced API threat protection is in understanding abuse and finding deviations from normal behavior. Enterprises and security professionals must look to the future and solve the looming problems, not the ones immediately in front of them today.

Neosec is only seven months from stealth, and we’re sufficiently differentiated in the market to be cool!

 

 

 

 

[1] Gartner, “Cool Vendors in Application Security: Protection of Cloud-Native Applications”, Ravisha Chugh, Joerg Fritsch, et al., April 12, 2022.

[2] Gartner, “Predicts 2022: APIs Demand Improved Security and Management”, Shameen Pillai, Jeremy D'Hoinne, et al. , Dec 6, 2021.

The GARTNER, COOL VENDORS and the GARTNER COOL VENDOR badge are trademarks and service marks of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

FEATURED RESOURCE

Innovation Insight for API Protection by Gartner

Learn the fundamentals of API security. Made for security leaders and practitioners to increase their foundational knowledge about API security and best practices.

DOWNLOAD NOW
Neosec-Blog-Sidebar-Gartner-Innovation-Insights-2a

Gartner provides a view into the scale of API security problems. Learn More.

Newsletter