Dinesh Mistry

Dinesh Mistry is VP of Operations, CloudVector, where his work supports every aspect of its next-generation API security solution, from sales & marketing to engineering & product management. Dinesh has more than 20 years of cybersecurity experience focused on customer growth, including Agari, Bromium, and McAfee. He earned his BS in computer science from the New Jersey Institute of Technology.

Digging Deep to Defend Against Docker API Abuse

  Another day, another API breach adds to the growing chorus against API vulnerabilities. The attack we speak about this time is targeting publicly exposed Docker APIs, leveraging the victim infrastructure for illegitimate cryptocurrency mining. Way to ruin Thanksgiving for Docker Admins, I say! In this blog, we describe the attack targeting Docker API endpoints …

Digging Deep to Defend Against Docker API Abuse Read More »

CloudVector Launches API Threat Protection

CloudVector Advances State of API Threat Protection with Automated & Continuous Discovery ArecaBay rebrands as CloudVector, appoints Ravi Khatod CEO, gains $5M funding; CloudVector discovers, monitors and secures APIs to prevent data breaches LOS ALTOS, Calif., Nov 12, 2019 — CloudVector, the first API Threat Protection platform to go beyond the gateway, today announced the …

CloudVector Launches API Threat Protection Read More »

Time to Think Beyond Access: 3 Lessons from Capital One Data Breach

On July 19, 2019, Capital One determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers. That week the internet was abuzz with the information related to Capital One Data Breach. Around 30 GB of data was breached. It is estimated to consist of …

Time to Think Beyond Access: 3 Lessons from Capital One Data Breach Read More »

Microservices Needs API Security, but API Security Should Not Depend on Microservices

APIs are the interconnect protocol in microservices architectures, and for this reason, API Security is an essential component of microservices security, besides, of course, the service platform security and container security itself. However, microservices architectures present opportunities and challenges for API Security implementation: API calls between services usually go through proxies and/or other virtual components …

Microservices Needs API Security, but API Security Should Not Depend on Microservices Read More »

Advanced Microgateway Functions in a Service Mesh without Adding Gateways

A recent Gartner report (ID G00373257) defines elegantly a general Service Mesh architecture and how a set of microgateways are needed for East/West or lateral API mediation (Figure 1). Figure 1. (source Gartner Report) A few things worth highlighting in this architecture: The definition of Service Mesh isn’t limited to containerized microservices. It contains Miniservices, monolithic …

Advanced Microgateway Functions in a Service Mesh without Adding Gateways Read More »

A Case For Securing API Actions. What Words Of Wisdom Two Thousand Years Ago Can Teach Us About APP Security

Confucius taught us more than 2000 years ago: “Listen to his claims, but watch his actions.” Things are not what they claim to be. Such words of wisdom speak volume in light of the most recent Facebook access token leak. According to one of Facebook’s blog, a large number of access tokens were potentially stolen …

A Case For Securing API Actions. What Words Of Wisdom Two Thousand Years Ago Can Teach Us About APP Security Read More »

Toppling The App Jenga Tower – Pulling The API Parameter Piece

All of us have seen Jenga, Topple the Tower game. Today’s enterprise applications very much resemble the tower with a myriad of services and their instances each glued together by APIs much like the wooden blocks. Un-aware to the enterprise is the fact that it doesn’t take much for an adversary to break these APIs if …

Toppling The App Jenga Tower – Pulling The API Parameter Piece Read More »