API Security

RSAC 2020 Survey — API Security Attitudes & Trends

  CloudVector attended RSA Conference 2020 to exhibit in the Early Stage Expo, a specialized pavilion for up-and-coming cybersecurity vendors away from the hustle and bustle of the main show floor. The Early Stage Expo can only be accessed by RSA Attendees or those with Expo Plus badges, so the conversations are much more likely …

RSAC 2020 Survey — API Security Attitudes & Trends Read More »

Digging Deep to Defend Against Docker API Abuse

  Another day, another API breach adds to the growing chorus against API vulnerabilities. The attack we speak about this time is targeting publicly exposed Docker APIs, leveraging the victim infrastructure for illegitimate cryptocurrency mining. Way to ruin Thanksgiving for Docker Admins, I say! In this blog, we describe the attack targeting Docker API endpoints …

Digging Deep to Defend Against Docker API Abuse Read More »

CloudVector Launches API Threat Protection

CloudVector Advances State of API Threat Protection with Automated & Continuous Discovery ArecaBay rebrands as CloudVector, appoints Ravi Khatod CEO, gains $5M funding; CloudVector discovers, monitors and secures APIs to prevent data breaches LOS ALTOS, Calif., Nov 12, 2019 — CloudVector, the first API Threat Protection platform to go beyond the gateway, today announced the …

CloudVector Launches API Threat Protection Read More »

Time to Think Beyond Access: 3 Lessons from Capital One Data Breach

On July 19, 2019, Capital One determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers. That week the internet was abuzz with the information related to Capital One Data Breach. Around 30 GB of data was breached. It is estimated to consist of …

Time to Think Beyond Access: 3 Lessons from Capital One Data Breach Read More »

Microservices Needs API Security, but API Security Should Not Depend on Microservices

APIs are the interconnect protocol in microservices architectures, and for this reason, API Security is an essential component of microservices security, besides, of course, the service platform security and container security itself. However, microservices architectures present opportunities and challenges for API Security implementation: API calls between services usually go through proxies and/or other virtual components …

Microservices Needs API Security, but API Security Should Not Depend on Microservices Read More »

Advanced Microgateway Functions in a Service Mesh without Adding Gateways

A recent Gartner report (ID G00373257) defines elegantly a general Service Mesh architecture and how a set of microgateways are needed for East/West or lateral API mediation (Figure 1). Figure 1. (source Gartner Report) A few things worth highlighting in this architecture: The definition of Service Mesh isn’t limited to containerized microservices. It contains Miniservices, monolithic …

Advanced Microgateway Functions in a Service Mesh without Adding Gateways Read More »

What Went Down At USPS Data Breach? Only CloudVector Could Have Prevented

A Data Exposure flaw at the United States Postal Service (USPS) website was disclosed last week by Brain Krebs from KrebsonSecurity. The flaw was identified in the APIs exposed by a web component on the USPS website and potentially exposed data from 60 Million users. This blog does a quick rundown of how the flaw could be …

What Went Down At USPS Data Breach? Only CloudVector Could Have Prevented Read More »

A Case For Securing API Actions. What Words Of Wisdom Two Thousand Years Ago Can Teach Us About APP Security

Confucius taught us more than 2000 years ago: “Listen to his claims, but watch his actions.” Things are not what they claim to be. Such words of wisdom speak volume in light of the most recent Facebook access token leak. According to one of Facebook’s blog, a large number of access tokens were potentially stolen …

A Case For Securing API Actions. What Words Of Wisdom Two Thousand Years Ago Can Teach Us About APP Security Read More »