API Security: Separating Truth from Fiction
- LANGUAGE: English DATE: Thursday, March 14, 2019 TIME: 4:00pm CET, 11:00am EDT, 8:00am PDT
Unfortunately, the rapidly growing need to expose and consume various APIs as quickly and easily as possible has led to various compromises often made at different stages of architecting modern IT systems. Notably, for many businesses, the very notion of API security is still something completely foreign or an afterthought at best. There are quite a few common misconceptions surrounding this topic, such as the idea that existing security tools like web application firewalls or antiviruses are perfectly capable of securing APIs or that the whole issue can be avoided by simply not exposing an API to the world.
As the latest high-profile security breaches where APIs were used as the primary attack vector indicate, this cannot be further from the truth. Securing your APIs properly should always start with a strategy that incorporates both existing tools as well as specialized API security solutions that can analyze, harden, monitor and defend your APIs across their full lifecycle. And don’t forget that 3rd party APIs that your business relies upon must be protected just as carefully as your own.
Join this KuppingerCole webinar where we’ll discuss the following topics:
- The extent of API proliferation in modern businesses and the risks of not having them under control;
- Modern API standards (and lack thereof) and specific security challenges APIs are facing;
- Common misconceptions about securing APIs and how to separate truth from fiction;
- The scope of API security and the evolution of API security tools and solutions;
- Designing a comprehensive API strategy that involves every responsible party;
- Practical recommendations that you can start implementing right after this webinar.
In the first part of the webinar, Alexei Balaganski, Lead Analyst at KuppingerCole, will provide a general overview of the recent developments and security challenges for the API economy. He will talk about the importance of a proper API security strategy that combines not just tools, but people and processes across multiple business units of your company.
In the second part, Isabelle Mauny, co-founder and Chief Product Officer of 42Crunch, will present the alternative approach towards API security that spans across the whole API lifecycle and ensures continuous protection during development, deployment and production runtime of any business-critical API. She will offer practical recommendations and talk about concrete API security policies based on industry best practices.
The 42Crunch platform offers a set of integrated services that can be leveraged as part of the APIs’ DevSecOps cycle:
* API Contract Security Audit: An exhaustive security audit of the OpenAPI definition, with detailed security scoring that helps developers define and strengthen their API contracts.
* API Contract Conformance Scan: A scan of live API endpoints that discovers potential vulnerabilities and discrepancies in your API implementation against the API contract.
* API Protection: A straightforward and easy way to protect APIs and apply policies that can be deployed in our lightweight, low-latency, API-native micro firewall. API Firewall automatically enforces traffic based on your API contract and applies security policies to protect API endpoints wherever they are.
The march of the cloud is unstoppable. Eager to outsource the tedious and expensive maintenance of their IT infrastructures to a reliable 3rd party, most companies would dream of becoming cloud-native, at least in the long term. Needless to say, letting someone else run your identity management out there sounds like a great idea as well, hence the rising popularity of Identity-as-a-Service solutions that combine the latest technology achievements with the flexibility of the cloud.
Come to the place where the Digital Transformation is happening. The European Identity & Cloud Conference, held from May 14-17, 2019, offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future-oriented community. More than 800 thought leaders, leading vendors, analysts, executives, and end-users get together in Munich to be inspired by a list of world-class speakers.