API Gateway

Four Pillars of API Security

By | Date posted: August 18, 2017

API Security is complex! Vendors like Forum Systems, IBM, CA and Axway have invested almost 2 decades of engineering effort and significant capital in building API Security stacks to lockdown APIs. The API Security stack diagram shown below is essential for rapidly locking down APIs. In this article, we review “The Four Pillars of API Security” — SSL, Identity, Content Validation and Architecture.

API Security Stack

Before addressing the Four Pillars of API Security, it is essential to recognize that a robust PKI is a must for enterprise-grade API Security. Without proper key life-cycle management, the API Security Pillars cannot be built.

Once a solid PKI foundation is in place, an organization can build API Security Pillars on this foundation. Without a robust PKI foundation to stand on, API security pillars will collapse. With a solid foundation and strong pillars, a corporation’s API attack surface area is significantly reduced. To deploy API Security, we recommend the following four pillars:

Read more

PSD2: An Open Concept in Banking Mandating the Use of APIs

By | Date posted: April 25, 2017

A revolution is occurring in European banking and APIs are leading the way.

Adopted in 2007, the Payment Services Directive (PSD) “provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services across the EU.” Legislated by the European Commission, the objective of the PSD “is to make cross-border payments as easy, efficient and secure as ‘national’ payments within a Member State.”

To accommodate the rapid rise of new online payment providers – third-party payment providers (TPPs) – the European Commission proposed a revision in 2013. Building on the PSD’s key principles, PSD2 was ‘born’ to make payments safer and more secure, enhance consumer protection, foster innovation and promote competition while ensuring a level playing field for all payment service providers.

In force since 2016, EU Member States must implement PSD2 by January 2018.

Read more

Forum Systems Teams with Trustis to Deliver API Security Solutions on the G-Cloud 7 Framework

By | Date posted: January 26, 2016

Strategic Partnership Enables UK Government Agencies to Procure Leading API Security Management Technology on Crown Commercial Service’s Digital Marketplace


 

BOSTON, January 26, 2016 – Forum Systems Inc. today announced a strategic partnership with Trustis to deliver its award-winning API Security Management platform to UK public sector organizations on the G-Cloud 7 framework. Forum Sentry, which serves as the foundation of Trustis’ API Management & Cloud Gateway solution, can now be obtained in the Crown Commercial Service’s (CCS) online catalog, the Digital Marketplace. Read more

Forum Systems Drives Secure Enterprise-to-Cloud Integration with Industry-first Google Analytics, Policy and Identity Capabilities

By | Date posted: December 8, 2015

New Features Advance State-of-the-Art in API Security Management

BOSTON, December 8, 2015 – Forum Systems Inc. today announced significant enhancements to its flagship Forum Sentry API Gateway that enable enterprises to achieve seamless, secure integration with multiple cloud providers while satisfying users’ ever-increasing demands for anytime, anywhere mobility through the flexibility of Single Sign-On (SSO).

Read more

Forum Systems to Participate at ISSA International Conference and SC Congress Chicago

By | Date posted: October 12, 2015

Company to Showcase Industry-Leading API Security Management Technology

BOSTON, October 12, 2015 – Forum Systems Inc. announced today that it will be showcasing its award-winning API Security Management solutions at key cybersecurity events, including the 2015 ISSA International Conference and SC Congress Chicago.

Read more

KuppingerCole Names Forum Systems a Leader in API Security Management

By | Date posted: August 26, 2015

Premier Analyst Firm Recognizes Forum Systems as the Only API Management Vendor “with a Primary Focus on Security” 

Lauds Company as Top Vendor in Product and Innovation Categories

Forum Systems Inc. announced today that leading European analyst firm KuppingerCole has named the company an Overall Leader in its July market analysis of API Security Management solutions. Read more

Forum Systems to Showcase Award-Winning API Gateway at AFCEA Defensive Cyber Operations Symposium

By | Date posted: June 10, 2015

Forum Systems announced today that it will be showcasing its award-winning API Gateway, Forum Sentry, at the 2015 AFCEA Defensive Cyber Operations Symposium in Booth # 3014. Taking place June 16-18 at the Baltimore Convention Center, the event is designed to promote collaboration between government and industry partners in order to improve security and better defend the cyber mission space. Read more

OpenSSL Security Vulnerabilities and other C-based Risks

By | Date posted: April 11, 2014

One of the most significant OpenSSL security vulnerabilities is the latest Heartbleed OpenSSL security flaw (CVE-2014-0160). This OpenSSL security vulnerability is again a re-affirmation that usage of C-based security modules by an enterprise company greatly increases its risk posture. You can be certain that IT security folks out there felt that they were making the right architectural decisions to secure the enterprise. The problem isn’t the intent, the problem is the premise. Applications, wrapped in security band-aids , is not a sound enterprise risk mitigation strategy. Sure, Apache and OpenSSL are widely available and have been around for a long time, but look where it has led us.

Read more