Authored by Ali Wasti, Managing Director, Shawn Ranjbaran, Principal, and Jeff Chang, Analyst, Hewlett Packard Pathfinder
To read about Pathfinder's recent investment in Cequence Security, click here.
Application programming interfaces, or APIs, provide an integration pathway between computer programs connected by the Internet and have become the digital highways of modern applications. Already widespread and used across industries, APIs will continue to proliferate through the adoption of digital transformation and microservices architecture, which relies on APIs to communicate and provide services such as an Uber request or Amazon fulfillment.
APIs frequently handle the movement of sensitive data and have increasingly become one of the most common targets by malicious actors who exploit vulnerabilities such as broken object level authorization, broken user authentication, and excessive data exposure, which currently rank as the top three API security threats, respectively¹. Bots, software programs that automate human tasks, pose a significant threat to API security, as they can scale to capitalize on vulnerable APIs by gaining access to valuable data or compromising systems entirely (e.g., bots that auto-create numerous bank accounts to conduct untraceable, illicit transactions). Highlighting the significance of API security, Gartner predicts that this year, API abuses will become the most prevalent attack vector for enterprises² ³.
Hewlett Packard Pathfinder believes that due to the prevalence and complexity of APIs within the modern enterprise, companies have become dependent on secure API communication for critical business functions. As a result, API security will remain a critical component of an organization’s cybersecurity strategy, yet existing solutions struggle to identify and prevent sophisticated API attacks. For example, Web Application Firewalls were designed to protect traditional web applications, rather than the unique architecture of APIs, and lack the necessary context and granular visibility into API traffic to be effective. Tools that help reduce errors in the development process are also not enough given that even error-free APIs can still be vulnerable. Even specific API security tools, such as API Gateways, lack fundamental capabilities around discovery and detection that leave enterprises unguarded.
Cequence Security, an API and Application Security company, addresses modern API security challenges in real-time by combining API threat protection and bot management capabilities in a comprehensive, end-to-end solution. These capabilities span the entire API lifecycle by identifying all public facing and internal APIs, providing a full API inventory, utilizing machine learning (ML) to detect & block attacks in real-time, and applying shift-left best practices to prevent attacks. Cequence can be deployed wherever APIs and applications are, whether in on-premise, cloud, or hybrid environments. Once in place, users can tag applications and endpoint-specific traffic to secure them against vulnerabilities and attacks. Additionally, by leveraging the largest API threat database and its ML-powered traffic analysis, Cequence creates a behavioral fingerprint of every attack, which it uses to continually track attackers as they modify their actions to evade detection. Finally to complete the cycle, as ML models are continually enhanced based on the latest threats they are pushed back to customers as updates. Collectively, its end-to-end approach combined with its ML-powered API traffic analysis enable Cequence to provide bot detection & mitigation, uniquely positioning it in the market.
Founded by cybersecurity veterans Ameya Talwalkar (CEO) and Shreyans Mehta (CTO), Cequence Security is on a mission to “protect today’s hyper-connected enterprises”. The pair previously worked together at Symantec, where they led the development of advanced products in detection and prevention. Today they lead a company that safeguards 6 billion APIs daily, comprising of approximately 2 billion user accounts, and $9T in business value across customers including American Express, Vanguard, and Ulta Beauty and many more.
Hewlett Packard Pathfinder is excited to partner with Ameya, Shreyans, and the rest of the Cequence team as they continue to innovate in the API and Application Security markets. We are not alone in our enthusiasm as Gartner has recently recognized Cequence, and no other vendor, in both the “API Threat Protection” and “Bot Management” segments in multiple Hype Cycles. Pathfinder views a potential partnership between Cequence and HPE as accelerating delivery of a more secure HPE GreenLake Cloud Platform (GLCP) by leveraging the robust and proven security solutions Cequence offers. We look forward to continue exploring joint go-to-market opportunities with Cequence to help customers strengthen their security posture. At a time when APIs are among the most targeted attack vectors, we believe Cequence is a critical player in protecting enterprises that are building and running modern applications we all rely on and are thrilled to be their partner.
¹https://apisecurity.io/encyclopedia/content/owasp/owasp-api-security-top-10.htm
²https://www2.deloitte.com/us/en/insights/focus/tech-trends/2022/future-of-cybersecurity-and-ai.html
If you like this article consider subscribing to our bi-monthly newsletter to get information about our portfolio, solutions, and insights delivered to your inbox.