Blog

The API Security Gold Rush – Network Computing

By | Date posted: May 24, 2018

When it comes to securing the API aspect of networks, should security come before functionality? Jason Macy, CTO at Forum Systems explains why this is the only option

In today’s era of hyper-connectivity, securing your organisation’s systems, data and business-critical processes is harder than ever. As a result of the major IT trends of the last decade, in particular cloud, mobile and IoT, more and more people and applications are connecting to our IT assets than ever before. What’s more, the majority of these interactions are from untrusted entities outside of the organisation’s network perimeter, and almost every one of these interactions relies on an application programming interface (API) to communicate to an application or system, somewhere in the world.

Read full article in Network Computing

 

Risk is Reality: Our Take on the Recent Auth0 Vulnerability

By | Date posted: May 23, 2018

Last month, another major identity management vendor revealed a significant vulnerability. This time it was Auth0.

While conducting its own research, Cinta Infinita discovered the vulnerability in Auth0’s Legacy Lock API. The security firm noted it “was able to bypass password authentication when logging into Auth0’s Management Dashboard by forging an authentication token.”
Read more

5 myths of API security – CSO Magazine

By | Date posted: April 9, 2018

 

Our CTO Jason Macy chats with Terena Bell in her article, 5 Myths of API Security in the April edition of CSO Magazine

In light of Panera Bread’s API-related data breach, here what is — and isn’t — true about protecting application programming interfaces.

Myth #1: API security is a feature, not a technology

According to Jason Macy, chief technology officer at API security management provider Forum Systems, “Many vendors in the API product landscape talk about having features of API security.” In reality, he says, “claiming to have features that provide aspects of API security” is just like “claiming to have features that provide firewall or antivirus security.”

Read the full article

 

Forum Systems API Security Gateway Solutions Now Available on Carahsoft’s GSA Schedule

By | Date posted: April 4, 2018

API-driven vulnerabilities and hacks continue to make headlines, as seen with Coincube, Reddit/Mailgun and Roku. As a result, more people and organizations are (finally) awakening to the seriousness of the threat.

API security is critical to businesses with any type of digital presence, and the stakes are critical for the federal and public sector to protect data and applications. That’s why Forum Systems has continued to champion our unparalleled security-first pedigree and industry-first certifications with rigorous standards such as NIST FIPS 140-2 Level 2 and Common Criteria NDPP.
Read more

Money Mule(Soft): Salesforce Acquires API Integration Company for $6.5 Billion

By | Date posted: March 28, 2018

Well, it has happened again.

Another tech behemoth has made a massive acquisition to bolster its cloud presence – this time in the most expensive cloud software deal in history.

Last fall, it was Google gobbling up Apigee; this week, it’s Salesforce subsuming MuleSoft.

Alliteration aside, what’s the significance of this latest deal, both for the broader industry and for Forum Systems’ customers and partners?
Read more

Are you securing your public cloud APIs? – Digital by Default News

By | Date posted: February 18, 2018

Jason Macy, CTO of Forum Systems discusses why the rise of cloud services must go hand-in-hand with an increased focus on API security

As a direct consequence of the government’s Cloud First policy, highly sensitive information, including names, addresses, National Insurance numbers, tax details, passports, driving licenses and so on, may be stored in data centres operated by the major public cloud providers. These include the likes of Amazon Web Services and Microsoft Azure.

Continue to full article

IAM Attacks, IoT Hubs and API Security Spend, Oh My! We Present Our 2018 Predictions

By | Date posted: December 20, 2017

2017 was a devastating year in security: Equifax, Verizon, WannaCry – enough said. Even more so, the Instagram vulnerability, OneLogin breach, Circle with Disney web filter flaws, Oracle’s Identity Manager vulnerability and Wishbone hack hit close to home, reinforcing what we’ve been preaching ad nauseam: that IAM tools and APIs remain at risk.

The good news, though, is that C-suite executives are continuing to ramp up their investments in security technologies, practices, and education. According to CEB (now part of Gartner), 2017 was the seventh continuous year of budget increases for security; and looking ahead to 2018, Gartner predicts that information security spending will continue to grow, reaching a total of $93 billion.

Read more