New API visibility and security capabilities empower security teams to discover and map their entire API estate and reduce API exposure risks with a 360-degree view of issues in the Orca Platform
Orca Security, the pioneer of agentless cloud security, today announced the industry’s first agentless API Security solution to secure customers against more cloud risks with its unified Cloud Security Platform. The new capabilities provide full inventory of external APIs, API security posture, and API drift detection, allowing security teams to identify, prioritize, and address API-related risks and misconfigurations across cloud environments.
According to Gartner®, “API security challenges have emerged as a top concern for most software engineering leaders, as unmanaged and unsecured APIs create vulnerabilities that could accelerate multimillion dollar security incidents.1”
With new API Security capabilities, Orca Security accelerates its mission of providing complete visibility and coverage of cloud risks through its comprehensive platform offering.
“APIs are an increasingly attractive vector for cyber attackers,” said Avi Shua, co-founder and CEO of Orca Security. “Until now, security teams have been forced to rely on network and agent-based point solutions, which lead to blind spots, scalability problems, performance degradation, and high TCO. New API Security capabilities continue our commitment to innovation, satisfying evolving customer needs with 100% visibility into both managed and unmanaged APIs, combined with deep insights into additional cloud data. Opposed to point solutions, Orca paints the big picture, allowing customers to understand the relationship between API weaknesses and other existing cloud risks just like an attacker does, and prioritize accordingly.”
Orca Security leverages its patented SideScanning™ technology and comprehensive insights into cloud workloads and configurations, as well as dynamic public endpoint scanning to provide security teams with a full inventory of APIs and their security posture. By combining detected weaknesses in APIs with other risks found in cloud environments, such as vulnerabilities, malware, asset and identity misconfigurations, and potentially exposed PII, customers gain the necessary context to understand which API risks are most critical. Key features and benefits of new API Security capabilities include:
- Deeply integrated cloud context: Existing API Security solutions do only that—API Security—with no wider context into cloud misconfigurations, workload vulnerabilities, takeover susceptibility, or other risks. New API Security capabilities augment the Orca Platform’s Unified Data Model to provide contextual awareness into API risks in relation to the entire cloud estate, including the ability to leverage Orca’s new graph visualization as it relates to API Security telemetry.
- Complete inventory of APIs: API Security needs to start with full insight into which APIs are running in the cloud environment. New capabilities provide an extensive view of the API attack surface with a continuously updated inventory including both managed and unmanaged APIs without blind spots.
- API drift detection: Identifying recently added and deleted APIs, and API drift is a challenge. Orca’s new capabilities include a summary of newly added and removed applications, domains, subdomains, API paths, and API operations on those paths—in the last specified number of days.
- API posture management: Orca enables organizations to take preventive steps to reduce the API attack surface. API asset data provided allows security teams to identify, address, and prioritize API risks and configuration-related vulnerabilities.
- Security integrated with developer toolkits: As developers play an increasing role in cloud-native application security, Orca offers the ability to compare a developer’s Swagger file with the security posture of production applications. This allows developers and DevOps teams to partner with security teams to continuously improve the security posture of their applications.
To learn more about Orca Security’s new agentless API Security solution and Cloud Security Platform, please visit our blog post, Multi-Cloud API Security With Continuous Visibility and Risk Management.
1. Gartner, Predicts 2022: APIs Demand Improved Security and Management, 6 December 2021, Shameen Pillai, Jeremy D’Hoinne, and 3 more
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!