SSO and OKTA PEP – Case Study by AssetMark

Date posted: April 27, 2020

AssetMark’s versatile eWealthManager advisor and investor platform is a one-stop portal that combines both client management and account administration functions. Secure single sign-on (SSO), seamless federation with technology partners, and secure multi-factor authentication (MFA) are all critical aspects of the portal to ensure high customer satisfaction while enforcing modern security requirements. A significant challenge for AssetMark was centralizing various internal and cloud-based identity and access control technologies with an on-premise, highly performant, cyber-secure Policy Enforcement Point (PEP). To complicate matters, the eWealthManager portal services multiple types of users whose experience accessing, and then within, the portal may vary greatly depending on who they are.

To meet these challenges, AssetMark deployed Forum Sentry as an in-line gateway/cyber-secure PEP to provide dynamic data security for the bi-directional traffic (data coming in and data going out). Forum Sentry combines data security with identity policy enforcement to provide a seamless user experience and an agentless PEP to unify SSO across multiple identity repositories and SaaS providers such as OKTA.

By adopting Forum Sentry as its portal gateway and cyber-secure policy enforcement point, AssetMark has been able to achieve high customer satisfaction while delivering a fast, modern, and secure SSO experience for their varying user groups.

Read the full case study here


Aite Group – Rise of API Security Gateways

Date posted: March 31, 2020

Rise of the New API Security Gateway Market

“Out of all the ASGs, Forum was the most remarkable solution we reviewed”

The rise in API data breaches has provided enough empirical data to show that traditional API gateways with security as a feature and legacy web application firewalls are no longer sufficient to protect organizations and their data.

This report proposes a new product category of API security gateways (ASGs), designed to secure an organization's externally facing and internally facing APIs, in order to highlight the failure of using API gateway solutions to secure APIs. It also emphasizes a need to decouple ASGs from the API gateways product category and explains why attempting to secure APIs against cyberattacks with API gateways and web application firewalls is ineffectual.

Download the Aite Group Report on API Security Gateways to learn why Aite Group recognizes Forum Systems as a leader in API Security and Zero Trust.

KuppingerCole 2020 Leadership Compass

Date posted: February 7, 2020

KuppingerCole 2020 Leadership Compass – API Management and Security

Forum Systems named Overall Leader, Product Leader, and Innovation Leader in KuppingerCole 2020 API Management and Security Leadership for its flagship product Forum Sentry.

“Forum Systems, which had the distinction of being the product Leader in our previous, more security-focused Leadership Compass, is still being recognized for its continued ‘security first’ approach in their product design, as well as ongoing innovations in areas like DevOps and API analytics.” — Alexei Balaganski, KuppingerCole.

Download the KuppingerCole 2020 API Management and Security Leadership Compass to learn why the leading German analyst firm has named Forum Systems a leader in API Management and Security.


HostingAdvice – API Security By Design

Date posted: October 3, 2019

“…Application programming interfaces (APIs) — or sets of instructions that allow apps to interact with one another — are popular because they reduce coding time, serve as a consistent baseline for many apps, and help spur innovation.

But, as with many things in life, they have a downside: More and more, we see APIs targeted as some of the most vulnerable points of modern infrastructure. In August 2017, for example, reporters revealed that hackers had exploited an unauthenticated API on the Panera Bread website to leak the personal data of 37 million customers.

The problem, according to Jason Macy, CTO of Forum Systems, is that lightweight API gateways and software-based identity enforcement points aren’t purpose-built to protect API endpoints or the technology serving integration points.

Read full article on


APIs: Risks, Potential and Security Solutions

Date posted: November 1, 2018


“…government is a sector that already takes API security extremely seriously. Governments need APIs to connect together their vast numbers of IT systems and data stores, and to provide their workforces with modern user interfaces, and mobile access. Without APIs, the task would be impossibly expensive. Without API security, sharing data and connecting applications would be too risky.” – Moderator, Infosecurity Magazine

The UK Biometrics Service typifies the type of deep integration possible through APIs.

The Home Office systems hold 120 million biometric records and supply services to over 50 organizations and 45,000 users, in the UK and overseas. Each year the service handles four million visa applications, six million passport applications and six million border checks. That is in addition to providing fingerprint data to police forces…


Read full article on InfoSec Online


CSO Review: Protecting API Connections with Forum Sentry

Date posted: October 19, 2018


“The Forum Sentry API Security Gateway goes beyond access control and deep into security, monitoring all the connections that it forms between systems and enforcing very granular security policies.”  — John Breeden II, IDG.

One thing that makes Forum Sentry so powerful is the fact that almost every conceivable legacy protocol and program type has been built into the appliance. This makes it possible to do things like control a legacy application using an iPhone, which was not even conceived, much less invented, when the legacy application was created. Forum Sentry handles the access controls on both ends, translating requests and commands so that each part can communicate. For organizations with legacy technology that they don’t want to overhaul, Forum Sentry could offer a less cumbersome solution to bring it into the modern age….

Read full article in CSO Online


Product vs Toolkit – API and IAM Security

Date posted: September 11, 2018


“Product vs toolkit – What’s the difference when it comes to API and IAM security? Jason Macy, CTO at Forum Systems explains the difference between toolkits, agents, and adapters versus purpose-built security products.

The issue is that API and IAM technologies are toolkits based on frameworks, and adapter-based solutions. Marketing for API toolkits and IAM toolkits tout security features which state terms such as ‘encryption’ and ‘access control’ to lull customers into complacency. By stating security over and over, customers believe they are safe. In fairness, the toolkit vendors are not to blame since their marketing is driven out of the need to placate their customers’ concerns about security. As the cyber-threats continue to evolve, so does the marketing speak.

As IAM and API toolkits, frameworks, and adapter-based solutions continue to claim to be security products, customers must look beyond the marketing statements to understand the difference between a security product and a toolkit.

Read full article in SC Magazine