DEVOPSdigest

Data Theorem introduced an automated API discovery and security inspection solution aimed at addressing API security threats introduced by today’s enterprise serverless and microservices applications, including Shadow APIs.

With this launch, users can automate API discovery and security inspection seamlessly into their DevOps practices and continuous integration/continuous delivery (CI/CD) processes to protect any modern application.

Data Theorem has delivered two new products called API Discover and API Inspect that do not depend on agents, proxies, or gateways that are common with legacy API security tools. Together they address security concerns such as Shadow APIs, Serverless Applications, and API Gateway cross-check validation by conducting continuous security assessments on API authentication, encryption, source code, and logging. The new API security solutions support Amazon’s Lambda and API Gateway tools to discover modern APIs and to enumerate the specification using standards such as Swagger and Open API 3.0.

Data Theorem’s new solution will ensure the operational function of users’ APIs matches their respective definitions. As an example, if an API’s authentication and encryption levels do not operationally match the declared specification, users will be alerted of important and critical vulnerabilities caused by insufficient security protection. The ephemeral nature of serverless applications often makes legacy API security tools irrelevant and unusable. The new API solutions from Data Theorem will also alert users of newly created APIs built upon serverless frameworks and deliver continuous, automated security analysis of these newly created APIs.

The rate of change for developers with today’s modern applications has accelerated due to automation, agile development processes, and DevOps efficiency. However, these practices have introduced a new wave of threats unaddressed by today’s security automation tools. Data Theorem has to date been a complementary solution for traditional application security vendors. Now legacy API gateway tools and container-centric security offerings can also benefit from Data Theorem’s new release.

“Data Theorem has a long and successful history focused on Mobile Application Security and adding support for mobile-centric APIs for the past few years,” said Himanshu Dwivedi, Data Theorem founder and CEO. “However, we saw the need for API security independent of mobile applications that was necessary for the growth in secure modern applications beyond mobile, such as serverless applications. Today’s launch uniquely addresses security concerns in today’s modern application era.”

Data Theorem’s new API Discover and API Inspect security products are available today.