Blog

2014-2018 – Has API Security Changed? Yes and No.

By | Date posted: November 15, 2018

Application programming interface (API) security remains a hugely overlooked issue, but Forum Sentry remains on top of its game. Let’s take a trip down memory lane from one glowing 2014 SC Magazine review, to our latest radiant review from CSO’s John Breeden.

2014

Let’s set the scene. The Pharrell Williams song “Happy” was topping the charts, the last season of Mad Men premiered, Kim Kardashian attempted to break the internet (seems to still be running on our end), and everyone was going crazy over the new iPhone 6 #Bendgate.

In the API security world, it was also the year of “The Snappening.” Hackers attacked third-party applications that connect to Snapchat via an unsecured API. The result: 90,000 photos that were presumed to be deleted were leaked. This was the cherry on top of a sad Snapchat sundae – earlier that year, hackers stole millions of Snapchat usernames and phone numbers.

2018

The year isn’t over quite yet, but some of the top pop culture stories have included the rise and fall of SNL’s Pete Davidson and chart-topper Ariana Grande’s engagement (as well as who gets to keep Piggy Smallz), spoilers and speculation surrounding Avengers: Infinity War made their way around the internet, and as of last week, the man who played Big Bird and Oscar the Grouch for nearly 50 years retired.

Surely, we’ve learned to secure our APIs by now, right? Despite Google’s acquiring of the Apigee API Management Platform and handsome spending for a Gartner Magic Quadrant dot,  Google+ is back in the headlines after an announcement that effectively put the final nail in the social platform’s coffin. In addition to shuttering the service, Google announced that an API bug exposed the details of 500,000 users. Oh, and Google chose not to disclose the breach for six months. Perhaps Google is wishing they had listened to our repeated warnings that API Management is not API Security.

So, what have we learned?

It sure doesn’t seem like much, but the good news is that API security awareness is on the rise. It’s largely due to the increased number of high-profile hacks hitting the headlines, but better late than never, right? API developers are focusing in on discovering and analyzing how customers are interacting with their APIs, and API security is moving from an afterthought to a key part of the development process.

As John Breeden writes, “The unsung hero of today’s modern networks is the API, the tiny programs and protocols that act as the bridges bringing users, networks, systems and information together.”

We couldn’t agree more, which is why we designed the Forum Sentry API Security Gateway with security in mind to help your company stay out of the data leak headlines.

So, does Forum Sentry still live up to its 2014 SC Magazine review? CSO seems to think so. Here are some of the highlights from John’s 2018 Forum Sentry review:

  • Easy Install: “Installing Forum Sentry is relatively easy… Administrators simply need to point programs at the gateway and define what types of connections are allowed.”
  • API Management: “The Forum Sentry API Security Gateway from Forum Systems takes a novel approach, using an appliance to link everything from modern to legacy systems, while also hardening and monitoring those connections to keep them free from compromise or tampering. And, by protecting the APIs and enforcing security policies on those connections, it can also protect the core network.”
  • Visualization: “Examining every aspect of a security policy can be done from within the main console, where a graphical interface makes all the interactions easy to comprehend and visualize.”
  • Powerful Single Sign On: “One thing that makes Forum Sentry so powerful is the fact that almost every conceivable legacy protocol and program type has been built into the appliance. The Forum Sentry API Security Gateway’s access control abilities are impressive, but it goes beyond access control and deep into security, monitoring all those connections that it forms and enforcing very granular security policies. It can even be used as part of a single sign on program, since it can control all aspects of connectivity and user access. Any organization with a large network can find a good use for Forum Sentry to help protect their APIs, connections and users.”

Want to learn more? Reach out to info@forumsys.com to discover what the unique qualifications of the Forum Sentry API Security Gateway can do for your organization to secure your APIs (and your API Management Platforms) once and for all.

 

Related content:

Leave a Comment