Archives Forum Systems

What’s in a (Security) Name? Turns Out, Plenty

By | Date posted: November 7, 2018

“Who would claim to be that who was not? Hmm?”

This iconic rhetoric, from the 1987 film, “The Untouchables,” was delivered by Sean Connery’s street-wise policeman Jim Malone when he first meets Kevin Costner’s principled treasury officer Eliot Ness.

The highlight reel: Ness was upset that Malone didn’t investigate him further after discovering Ness, who identified himself as a treasury officer, was carrying a concealed weapon. As fans of the film know, the two ultimately form the titular group – The Untouchables – to battle Robert DeNiro’s Al Capone in 1930s Chicago.

While powerful movie dialogue, the answer to the question in the real world is “plenty.” Vendors constantly bombard us with claims that users need to examine thoroughly instead of accepting as gospel.

In the consumer realm, Consumer Reports is a reliable ally. The nonprofit watchdog organization is a steadfast proponent of consumer self-education and frequently produces informative articles on how to decipher labels, particularly those that pertain to food products.

However, in the IT world, it can be more difficult to navigate vendor marketing-speak. That’s especially the case when it comes to security.

The ‘APIcenter’ of Modern Computing – and (In)Security

As we’ve discussed, APIs are the instrumental interconnection points – what we sometimes refer to as “the connective tissue” – of our modern computing architecture. A companion technology, Identity and Access Management (IAM), is also essential in providing the authentication and access control to APIs.

Enterprises understand APIs’ tremendous business value. Unfortunately, so do hackers.

2017 was a watershed year for API (in)security, and 2018 is shaping up to be even worse. High-profile incidents involving Reddit/Mailgun, Roku, Panera and, just this week, Google, continue to demonstrate that the security of APIs is a misunderstood and, far too often, unpracticed discipline.

Knowing (The Difference) is Half the Battle

To help security professionals implement a sound API and IAM security strategy, our CTO, Jason Macy, recently authored an Executive Insight column published in SC Media UK. In the piece, Jason cautions that “API security and IAM security…are starting to lose meaning by their association with vendor marketing that dilutes the definition of security.”

Further, he advises, “customers must look beyond the marketing statements to understand the difference between a security product and a toolkit” as well as frameworks and adapter-based solutions professing similar security claims. “Whereas a toolkit bolts on security” to an architecture that “is vulnerable to attack,” Jason continues, “an API or IAM security product is built with a secure, locked-down architecture with self-integrity checks to ensure the product itself is not able to be compromised.”

Emblematic of this distinction is the API Security Gateway. This technology, Jason states, is “where ‘Security’ means the literal, cyber-hardening of the Gateway product itself so that API and IAM enablement can be done securely and without risk of compromise.”

Last month, one of the central themes of Forum Systems’ annual London API Summit was examining the security shortcomings of toolkits, agents and adapters, and contrasting that with the comprehensive functionality of an API Security Gateway. Similarly, Director of Field Operations Greg DiFruscio also explored this topic in his “Combine API and IAM into a Simplified and Secure Architecture” session at API World 2018.

If you were unable to attend one or both of those events and would like to learn more, please contact us at



APIs: Risks, Potential and Security Solutions

By | Date posted: November 1, 2018


“…government is a sector that already takes API security extremely seriously. Governments need APIs to connect together their vast numbers of IT systems and data stores, and to provide their workforces with modern user interfaces, and mobile access. Without APIs, the task would be impossibly expensive. Without API security, sharing data and connecting applications would be too risky.” – Moderator, Infosecurity Magazine

The UK Biometrics Service typifies the type of deep integration possible through APIs.

The Home Office systems hold 120 million biometric records and supply services to over 50 organizations and 45,000 users, in the UK and overseas. Each year the service handles four million visa applications, six million passport applications and six million border checks. That is in addition to providing fingerprint data to police forces…


Read full article on InfoSec Online


CSO Review: Protecting API Connections with Forum Sentry

By | Date posted: October 19, 2018


“The Forum Sentry API Security Gateway goes beyond access control and deep into security, monitoring all the connections that it forms between systems and enforcing very granular security policies.”  — John Breeden II, IDG.

One thing that makes Forum Sentry so powerful is the fact that almost every conceivable legacy protocol and program type has been built into the appliance. This makes it possible to do things like control a legacy application using an iPhone, which was not even conceived, much less invented, when the legacy application was created. Forum Sentry handles the access controls on both ends, translating requests and commands so that each part can communicate. For organizations with legacy technology that they don’t want to overhaul, Forum Sentry could offer a less cumbersome solution to bring it into the modern age….

Read full article in CSO Online


Product vs Toolkit – API and IAM Security

By | Date posted: September 11, 2018


“Product vs toolkit – What’s the difference when it comes to API and IAM security? Jason Macy, CTO at Forum Systems explains the difference between toolkits, agents, and adapters versus purpose-built security products.

The issue is that API and IAM technologies are toolkits based on frameworks, and adapter-based solutions. Marketing for API toolkits and IAM toolkits touts security features which state terms such as ‘encryption’ and ‘access control’ to lull customers into complacency. By stating security over and over, customers believe they are safe. In fairness, the toolkit vendors are not to blame since their marketing is driven out of the need to placate their customers’ concerns about security. As the cyber-threats continue to evolve, so does the marketing speak.

As IAM and API toolkits, frameworks, and adapter-based solutions continue to claim to be security products, customers must look beyond the marketing statements to understand the difference between a security product and a toolkit.

Read full article in SC Magazine


eWeek- Forum Systems: Product Overview and Insight

By | Date posted: July 2, 2018

eWEEK has started a new IT products and services section that encompasses most of the categories that they cover on their site. In it, they spotlight the leaders in each sector, which include enterprise software, hardware, security, on-premises-based systems and cloud services. 

Forum Sentry API Security Gateway enables enterprises and government organizations to create code-free APIs that secure access to complex enterprise applications.

Read eWeek’s Product Overview of Sentry


How to build a secure API gateway – Network Security

By | Date posted: June 29, 2018

We invite you to download and read our CTO Jason Macy’s article featured in Network Security

How to build a secure API gateway 

In this era of hyper-connectivity, where almost every app or application relies on communication to a server or database somewhere, it has become harder than ever to secure an organisation’s systems, data and business-critical processes. Most of the major technology trends that have shaped IT over the past few decades – such as cloud computing, BYOD, IoT and even social media – have resulted in more people and entities connecting to corporate IT assets than ever before.

Most of the major technology trends of the past few decades have resulted in ever-greater numbers of connections to corporate IT assets.

At the heart of these connections are application programming interfaces (APIs) that underpin almost every interaction or process and these have quickly become a prime target for attackers. Yet despite their growing prominence, they have largely remained the sleeping giant of our technology-led world, attracting too little attention when it comes to security.

The API Security Gold Rush – Network Computing

By | Date posted: May 24, 2018

When it comes to securing the API aspect of networks, should security come before functionality? Jason Macy, CTO at Forum Systems explains why this is the only option.

In today’s era of hyper-connectivity, securing your organisation’s systems, data and business-critical processes is harder than ever. As a result of the major IT trends of the last decade, in particular cloud, mobile and IoT, more and more people and applications are connecting to our IT assets than ever before. What’s more, the majority of these interactions are from untrusted entities outside of the organisation’s network perimeter, and almost every one of these interactions relies on an application programming interface (API) to communicate to an application or system, somewhere in the world.

Read full article in Network Computing


Forum Systems Named Gold Winner in Info Security PG’s 2018 Global Excellence Awards®

By | Date posted: May 8, 2018

Company’s Industry-leading API Security Gateway Earns Top Honors in API Management and Security Category

BOSTON, May 8, 2018 – Forum Systems Inc., a pioneer in API security technology, today announced that the Info Security Products Guide has named the Forum Sentry API Security Gateway a Gold winner in the API (Application Programming Interface) Management and Security category of the 2018 Global Excellence Awards®.

Forum Systems to Explore API Security Fundamentals at Midwest Summit

By | Date posted: April 17, 2018

BOSTON, April 19, 2018 – Forum Systems Inc., a pioneer in API security technology, today announced the Midwest API Summit, the latest event in the company’s continuing series dedicated to examining the fundamentals of API security.

Taking place Thursday, April 26, from 9:30 a.m. – 4:30 p.m. EDT at the Renaissance Cincinnati Downtown, the Midwest API Summit will feature Forum Systems CTO Jason Macy and other industry experts exploring the best practices in securing API-based architectures. During the event, Forum Systems will showcase how its award-winning Forum Sentry API security gateway is providing the foundation for an effective API security strategy.
