Application development today is all about building microservices and containerizing legacy apps. With either approach, you end up with a large number of publicly and privately exposed Application Programming Interfaces, or APIs.
The term is often thrown around by people who have no earthly idea what an API is. But if you know only one thing about APIs, let it be this: APIs are potentially an incredibly porous, main-line-into-the-vein security vulnerability for your enterprise.
Big problems generate big business opportunities as technology companies realize there’s a white space to profitably fill. Thus, the emerging “API security” product category.
Noname Security outlined its product today at Security Field Day 9 (#XFD9). Watch the video presentation at GestaltIT’s website. You might also find this (blessedly two-page) white paper a useful intro to Noname’s approach to API security.
Impressive as it is, one has to wonder how #Noname — or any security company — can overcome the two big obstacles to any emerging software technology:
- How do we get app dev groups to readily adopt this category of security product?
- How do we integrate this category with the myriad of other security products that compete for app dev attention?
The answer to the first may seem simple: the CISO tells app devs they have to do it. Never worked before; won’t work here. For the second, we can simply wait for the inevitable consolidation in the security marketplace.
Fortunately, we don’t need to solve these here — and issues like these should not be a barrier to adoption of API security. My takeaway from today’s briefing is that Noname’s product is a stunner — something you should consider adding now to the security product arsenal.
I was especially impressed with its ability to work “up” from network traffic to give an approximation of what the API is doing from raw packet transfer. Also impressive: the way in which it can categorize APIs just from a public domain name.
Your business is what you expose via your APIs. Make sure you aren’t exposing your “private parts.”