Advancing API Threat Protection

Fresh tracks from the next summit

“The summit is what drives us, but the climb itself is what matters.” – Conrad Anker

I have built my career summiting mountains. Always driving forward. Overcoming obstacles. My companies have advanced markets with innovative solutions and enabled organizations to embrace their own transformations. I have developed a passion for cybersecurity because of the very tangible battle between good and evil, but my companies have never embraced the fear. Each time we advance the state of the art, it has been driven by the desire to “do good” and to enable others to do so as well.

Today is no different. We are witnessing a paradigm shift catalyzed by digital transformation.

Just as my previous work has focused on enabling users to click on anything and restoring trust to digital transformation, my work now is focused on minimizing the friction of digital transformation. From this next summit, we can see clouds stretched across the sky to the horizon.

According to Deloitte’s 2018 global CIO survey, 93 percent say their organization is adopting or considering the cloud.

APIs have become mission critical to digital transformation, but they are ripe for abuse.

“By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications,” reports Gartner API Security: What You Need to Do to Protect Your APIs (Gartner subscription required), by Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, August 28, 2019.

It is clear to me that the API Threat Protection market is inevitable. My goal is to make it purposeful. That is, not only purpose-built for modern application architectures, but also to serve a purpose in the continuous integration and continuous delivery (CI/CD) model. Pragmatically, that means making a developer’s life easier—to make the CIO a hero. It isn’t enough to prevent the bad, we must “do good.”

I am proud to announce the launch of CloudVector as its co-founder and CEO.

CloudVector is the first API Threat Protection platform that enables organizations to move beyond the gateway and firewall as they embrace digital transformation. You could call it a next-generation solution, but until CloudVector the market was waiting for the first generation.

CloudVector is very exciting in this emerging market because of its ability to fill gaps in the multi-billion dollar Web Application Firewall and API Management gateway markets. One of the most frequent complaints about these solutions is that they require manual registration of APIs—and that doesn’t even address shadow APIs. As I posed in my question above, how can you protect APIs if you don’t even know they exist?

I won’t drone on about our product here, but I am going to brag on CloudVector because we are the first API Threat Protection solution that automates the continuous discovery of APIs (and we also monitor and secure). DevOps teams are sure to agree that reducing the friction of digital transformation will enable them to “do good” work of their own.

I would love to show you. Request a live demo.

I also want to take a moment to recognize and thank the rest of the CloudVector founding team. Our CFO, Bob Dykes, is a powerhouse (formerly with Symantec and Juniper). Our CTO, Lebin Cheng, and our VP of Engineering & Threat Research, Ravi Balupari, were both formerly with Netskope and are two of the brightest minds I’ve had the pleasure to work with. Our Chief Architect, Aiguo Fei, has been involved in some of the most ambitious cloud architecture projects in the world. I am surrounded by an extraordinarily talented and experienced team that I have no doubt will continue to advance the state of the art as we continue to transform the industry together.

Look me up on LinkedIn if you would like to connect. And be sure to follow CloudVector on Twitter and LinkedIn too.