Shadow APIs
Growth of API
The rapid growth of modern applications has led to a dramatic increase in the number of APIs developers are creating. Many of these new APIs are being developed on cloud platforms, leveraging containers as part of microservice architectures. The complexity of microservice architectures requires that developers work closely with their operations team to handle resource allocation and scalability.
Cloud platforms such as Amazon Web Services, Microsoft Azure and Google Cloud Platform have introduced serverless services allowing developers to build applications at scale with less infrastructure complexity and lower costs. Developers can now publish new applications and services within minutes without thinking about resource and infrastructure allocations. These new applications often have API services that enable unintended data loss due to outdated TLS encryption support and lack of proper authentication.
Rise of Shadow API
As adoption of these new cloud serverless services grows, it allows for the creation of rogue APIs called shadow APIs that operate outside of enterprise security. The ephemeral nature of serverless based applications often makes legacy API security tools irrelevant and unusable. Traditional security approaches allow these shadow APIs to go undetected. Many security organizations are now being challenged to discover, track and secure these Shadow APIs.
Discover and Secure Shadow API
Data Theorem’s API Discover allows security and operations teams to discover shadow APIs in public cloud environments. Our cloud-based Analyzer Engine continuously scans the serverless applications to find shadow APIs. Once a shadow API is discovered, an alert is generated notifying security teams. API Discover begins tracking the uncovered shadow APIs and then engages API Inspect for analysis.
“We greatly anticipate the new Data Theorem security services for API discovery and analysis in our DevOps environment. These new API security services are ground-breaking in the changing developer landscape.”
—Michael Machado, Chief Security Officer for RingCentral
Data Theorem’s API Inspect leverages our Analyzer Engine to continuously conduct security assessments on API authentication, encryption, source code, and logging. It ensures the operational function of users’ APIs matches their respective definitions. Security team are alerted of important and critical vulnerabilities caused by insufficient security protections. API Discover and API Inspect work together to bring visibility to shadow APIs and ensure that security standards are being met.
Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. Data Theorem products help organizations prevent AppSec data breaches. The company has detected more than 5 billion application eavesdropping incidents and currently secures more than 25,000 modern applications for its Enterprise customers around the world. Data Theorem is headquartered in Palo Alto, Calif., with offices in New York and Paris.