CloudVector, the first API Threat Protection platform to go beyond the gateway, announced the launch of its namesake solution, which discovers, monitors and secures APIs to prevent data breaches.
The proliferation of APIs have encouraged threat actors to target this new attack vector, increasing the risk of major data breaches. Existing Web Application Firewall (WAF) and API Management gateways are unable to provide API Threat Protection because of inherent limitations in their architectures.
According to Gartner API Security: What You Need to Do to Protect Your APIs, by Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, August 28, 2019, “Modern application architecture trends — including mobile access, microservice design patterns and hybrid on-premises/cloud usage — complicate API security since there is rarely a single “gateway” point at which protection can be enforced.”
To move beyond the gateway, CloudVector encourages organizations to adopt an API Threat Protection solution that is able to automatically discover APIs, monitor for deviant behavior, and secure data from exfiltration. CloudVector is the first API Threat Protection platform to deliver this full feature set.
“CloudVector delivers API Threat Protection we couldn’t find in any other vendor, without negatively impacting DevOps—it automates tedious manual processes to discover APIs and secure them,” said Abhijit Oak, Vice President, Software Development, Katerra. “This product enables us to simplify our security structure and spend.”
CloudVector arises from ArecaBay, appoints Ravi Khatod CEO
CloudVector, which was formerly known as ArecaBay, also announced the appointment of Ravi Khatod as co-founder and CEO.
Ravi is a seasoned Silicon Valley security executive with more than 15 years of experience focused on building foundational teams and strategy, driving sales success and customer excellence, and delivering market-leading growth at category-defining vendors including IronPort, CipherTrust, and AppSense.
Prior to CloudVector, he served as CEO of Agari, a next-generation email security company, where he drove 300 percent in revenue run rate growth in three years.
“APIs have become mission critical for organizations as they move to the cloud and embrace digital transformation initiatives. Attackers have also recognized this new and broad attack surface. As we’ve seen with recent high profile data breaches API security has become a predominant challenge,” said Khatod.
“The shortcomings of existing gateways represent a multi-billion dollar market opportunity for CloudVector, which is advancing the state of the API Threat Protection market with its solution.”
CloudVector has raised more than $5M in seed funding round led by SignalFire, which it is aggressively investing in the growth of its R&D, sales and marketing teams.
Beyond the gateway: Full-feature API Threat Protection
CloudVector is purpose-built for modern application architectures, and is deployed with zero impact to inline performance, with no changes required to applications or DevOps processes. In fact, CloudVector eliminates the need for manual API specification to deliver immediate time to value.
Key features of CloudVector’s API Threat Protection platform include:
- Discover with API Inspection Modules (AIM) — Fully automated microsensor modules enable the continuous discovery of all APIs connected to enterprise assets—even shadow APIs.
- Monitor with Deep API Risk Trackers (DART) — Deep monitoring modules apply proven Machine Learning to customer-specific API blueprints that drive automatic identification of API risks and, more importantly, real-time detection of reconnaissance attempts.
- Secure with API Response Modules (ARM) — Real-time response modules enforce targeted policies against API abuse—the only solution to entirely address the OWASP API Security Top 10.
According to Gartner API Security: What You Need to Do to Protect Your APIs, by Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, August 28, 2019, “Many API breaches have one thing in common: the breached organization didn’t know about their unsecured API until it was too late. This is why the first step in API security is to discover the APIs which your organization is delivering, or which it consumes from third-parties.”