Two trends are happening in API security:
- Technologies and methods to achieve API security are evolving fast. An example is Google Cloud adding API security features to Apigee.
- API security is growing more visible daily with recognitions such as Neosec being named as a 2022 Gartner(r) Cool Vendor1
The two examples help explain why Neosec is now integrated with Google Cloud Apigee API Management Platform. The purpose of this article is to dive deeper into this integration and its benefits.
Neosec Advanced API Security
The Neosec API Security Platform is highly differentiated from other API security offerings with its cloud-based approach, leveraging cloud automatic scaling and compute power to gather and enrich API activity data, as well as apply machine learning to it to deliver behavioral analytics and uncover threats not seen by other solutions. Further, the platform offers both customer-friendly and managed API threat hunting service. With this in mind, consider the integration with the Apigee API Management Platform.
Neosec API Traffic Data Collection from Apigee API Management Platform
The Neosec platform leverages concepts originally created for the now common eXtended Detection and Response systems (XDR). Extended detection in the case of API security means gathering API activity data from as many of the best data sources as possible. The Apigee API Management Platform, with its API gateway functionality, offers a rich source of API activity data for the Neosec platform to perform behavioral analytics and threat hunting on.
Broad, Continuous API Traffic Collection Is Crucial
As discussed here, the only way to prevent danger from shadow and zombie APIs is to ensure both broad-based and continuous API activity data collection into a solution like the Neosec platform. This is what makes the Neosec and Apigee integration such a formidable solution. Among dozens of different integration options, Neosec integrates with both Apigee Edge and Apigee X, and continues to ensure API traffic coverage from anywhere is protected–whether from public clouds, customer private clouds, and now including Google Cloud Platform.
Neosec and Apigee Integration: A Deeper Dive
The Apigee and Neosec integration enables delivery of API activity data for analysis, without any code changes to both applications or any Apigee components taking place at the Apigee policy configuration level. A secondary benefit of this architecture is that it is ‘set and forget’. As Apigee proxies are instantiated to service more traffic, the same policies are applied. Further, as this approach leverages Apigee’s logging policies, there is only a negligible effect on proxy performance: in the low single millisecond range of additional latency.
Neosec is pleased to welcome the entire global Apigee customer base, through our integration with Apigee Edge, and, of course, support for Apigee X in Google Cloud Platform.
The diagram above shows a crucial point: the Neosec architecture can capture data from API Management platforms like Apigee and also from unmanaged APIs, or APIs managed by other vendor solutions.
Organizations using both Apigee and Neosec have verified all the integration attributes discussed above, and a leading Apigee solution architect reviewed and OK’d the integration.
Apigee user or not, if this article has been interesting, consider requesting a free trial of Neosec API security.
1. The GARTNER, COOL VENDORS and the GARTNER COOL VENDOR badge are trademarks and service marks of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
API Security: Debunking the Myths
Learn the fundamentals of API security. Made for security leaders and practitioners to increase their foundational knowledge about API security and best practices.DOWNLOAD NOW