ThreatX platform gives businesses a clear view of their API attack surface
APIs make life easier for developers by allowing easy access to various program functions. However, this functionality also makes them an increasingly attractive target for attack.
Web application and API Protection platform ThreatX is launching new API catalog capabilities to provide enterprises with a clear view of their API's attack surface, as well as the operational health of any APIs in production.
ThreatX's API Catalog gives enterprises visibility into legitimate, suspicious and malicious requests that hit their APIs. By analyzing and profiling actual traffic, ThreatX discovers and profiles API endpoints, providing users with enhanced visibility into legitimate, rogue and zombie APIs in production.
"API protection must be a core capability of web application firewalls," says Tom Hickman, chief product officer at ThreatX. "Enterprises increasingly demand a single solution that protects all web applications and APIs from all of today's threat vectors, even when they're all part of the same sophisticated attack. We offer our customers the ability to see which endpoints are actually receiving traffic, enabling them to combat a massive botnet attack or simply debug a failed login."
Because it's based on actual traffic, ThreatX's new API Catalog allows organizations to protect endpoints that may have slipped through the cracks of their CI/CD process. It uses application and API traffic analysis to profile, identify and block suspicious activity. This attacker-centric protection can successfully stop suspicious traffic or permanently block requests coming in from suspect entities.
"APIs have become a popular avenue of attack, both due to their criticality and to the fact that many organizations lack the visibility required to properly protect them," says Bret Settle, chief strategy officer and co-founder of ThreatX. "At ThreatX we've created an attacker-centric approach to security which allows us to be very effective in both our WAF and API Protection capabilities."
You can find out more on the company's site.