News

ATARC Zero Trust Lab Presentation Series

By | Date posted: November 1, 2021

Zero Trust Presentation

Join ATARC and Forum Systems for the ATARC Zero Trust Lab Scenarios from 11:00  AM  – 1:30 PM on Friday, November 5. See how the ATARC Zero Trust Lab showcases technical architectures and Original Equipment Manufacturer (OEM) hardware and software solutions to address the Zero Trust use cases as defined by CISA. By enabling this hardware and software evaluation environment, ATARC has created a unique space for Federal agencies to better assess software products.

The Forum Sentry product from Forum Systems is a state-of-the-art, rapidly scalable, rules-based security technology that will allow Federal organizations to deploy a best in-class, nimble, agile, and highly performant enterprise Policy Enforcement Point (PEP) solution for a Zero Trust network model. Forum Sentry unifies information assurance, continual dynamic authentication, and deep-content data analysis to achieve Zero Trust security. This comprehensive approach provides capabilities across the core pillars of the Zero Trust Capability Model.

Forum Sentry is a uniquely qualified product built as a security hardened technology from the ground up. It combines authentication, authorization, data security, data privacy, data leakage, intrusion prevention, and full transaction audit logging. Forum Sentry is deployable in hardware or virtual formats (such as hardware appliance, VMWare Image, Amazon Image, Azure Image, Docker Image, Linux Image, and Windows Image).

We deliver Zero Trust by using Forum Sentry as the secure Information Assurance PEP to ensure continual authentication, authorization, and inspection of the devices, applications, and users. The technology provides a logical abstraction of the application and performs traffic flow analysis and enforcement without impacting the existing applications. This approach delivers on the NIST SP 800-207 Zero Trust tenants.

SSO and OKTA PEP – Case Study by AssetMark

By | Date posted: April 27, 2020


AssetMark’s versatile eWealthManager advisor and investor platform is a one-stop portal that combines both client management and account administration functions. Secure single sign-on (SSO), seamless federation with technology partners, and secure multi-factor authentication (MFA) are all critical aspects of the portal to ensure high customer satisfaction while enforcing modern security requirements.  A significant challenge for AssetMark was centralizing various internal and cloud-based identity and access control technologies with an on-premise, high performant, cyber-secure Policy Enforcement Point (PEP).  To complicate matters, the eWealthManager portal services multiple types of users whose experience accessing, and then within, the portal may vary greatly depending on who they are.

To meet these challenges, AssetMark deployed Forum Sentry as an in-line gateway/cyber-secure PEP to provide dynamic data security for the bi-directional traffic (data coming in and data going out).   Forum Sentry combines data security with identity policy enforcement to provide a seamless user experience and agentless PEP to unify SSO across multiple identity repositories and SaaS providers such as OKTA.  

By adopting Forum Sentry as its portal gateway and cyber-secure policy enforcement point, AssetMark has been able to achieve high customer satisfaction while delivering a fast, modern, and secure SSO experience for their varying user groups.

Read the full case study here

 

Aite Group – Rise of API Security Gateways

By | Date posted: March 31, 2020

Rise of the New API Security Gateway Market

“Out of all the ASGs, Forum was the most remarkable solution we reviewed”


The rise in API data breaches means traditional API gateways with security as a feature and legacy web application firewalls have offered enough empirical data that these technologies are no longer sufficient to protect organizations and their data.

This report proposes a new product category of API security gateways (ASGs) designed to secure organizational externally facing and internally facing APIs in order to highlight the failure of using API gateway solutions to secure APIs. It also emphasizes a need to decouple ASGs from the API gateways product category and explains why attempting to secure APIs against cyberattacks with API gateways and web application firewalls is ineffectual.

Download the Aite Group Report on API Security Gateways to learn why Aite Group recognizes Forum Systems as a leader in API Security and Zero Trust.

KuppingerCole 2020 Leadership Compass

By | Date posted: February 7, 2020

KuppingerCole 2020 Leadership Compass – API Management and Security

Forum Systems named Overall Leader, Product Leader, and Innovation Leader in KuppingerCole 2020 API Management and Security Leadership for it’s flagship product Forum Sentry.

“Forum Systems, which had the distinction of being the product Leader in our previous, more security-focused Leadership Compass, is still being recognized for its continued ‘security first’ approach in their product design, as well as ongoing innovations in areas like DevOps and API analytics.” — Alexei Balaganski, KuppingerCole.

Download the KuppingerCole 2020 API Management and Security Leadership Compass to learn why the leading German analyst firm has named Forum Systems a leader in API Management and Security.

 

HostingAdvice – API Security By Design

By | Date posted: October 3, 2019


“…Application programming interfaces (APIs) — or sets of instructions that allow apps to interact with one another — are popular because they reduce coding time, serve as a consistent baseline for many apps, and help spur innovation.

But, as with many things in life, they have a downside: More and more, we see APIs targeted as some of the most vulnerable points of modern infrastructure. In August 2017, for example, reporters revealed that hackers had exploited an unauthenticated API on the Panera Bread website to leak the personal data of 37 million customers.

The problem, according to Jason Macy, CTO of Forum Systems, is that lightweight API gateways and software-based identity enforcement points aren’t purpose-built to protect API endpoints or the technology serving integration points.
…”

Read full article on HostingAdvice.com

 

APIs: Risks, Potential and Security Solutions

By | Date posted: November 1, 2018

 

“…government is a sector that already takes API security extremely seriously. Governments need APIs to connect together their vast numbers of IT systems and data stores, and to provide their workforces with modern user interfaces, and mobile access. Without APIs, the task would be impossibly expensive. Without API security, sharing data and connecting applications would be too risky.” – Moderator, Infosecurity Magazine

The UK Biometrics Service typifies the type of deep integration possible through APIs.

The Home Office systems hold 120 million biometric records and supplies services to over 50 organizations and 45,000 users, in the UK and overseas. Each year the service handles four million visa applications, six million passport applications and six million border checks. That is in addition to providing fingerprint data to police forces…

….

Read full article on InfoSec Online

 

CSO Review: Protecting API Connections with Forum Sentry

By | Date posted: October 19, 2018

 

“The Forum Sentry API Security Gateway goes beyond access control and deep into security, monitoring all the connections that it forms between systems and enforcing very granular security policies.”  — John Breeden II, IDG.

One thing that makes Forum Sentry so powerful is the fact that almost every conceivable legacy protocol and program type has been built into the appliance. This makes is possible to do things like control a legacy application using an iPhone, which was not even conceived, much less invented, when the legacy application was created. Forum Sentry handles the access controls on both ends, translating requests and commands so that each part can communicate. For organizations with legacy technology that they don’t want to overhaul, Forum Sentry could offer a less cumbersome solution to bring it into the modern age….

Read full article in CSO Online