CloudVector Enterprise Edition

Discover, Monitor, Secure All APIs

Autonomous API Visibility and Protection

CloudVector solution enables a fully autonomous - automated and continuously adaptive - three step process to API Security: Discover/Monitor/Protect.

The CloudVector API Inspection Modules (AIM) uses fully automated microsensor modules to enable the continuous discovery, and risk assessments of all APIs. 

Deep API Risk Trackers (DART) apply AI/ML to auto-generate and update policies based on customer-specific API blueprints to monitor for API risks and real-time detection of reconnaissance attempts.

The CloudVector API Response Modules (ARM) enforce targeted policies against API abuse in real-time. 

Architecture

Placeholder

Live API Catalog

Industry’s first and only fully auto-discovery of API specs without any dependency on specs manually created by developers. Auto-discovery allows continuous up-to-date API blue-prints

Autonomous Policies

Always up-to-date API blueprints allow advance, targeted policies to be generated/updated without human intervention. Autonomous policies capable of detecting and protecting against deep API data level abuses help protect against API level data breaches.

Zero Impact and Flexible Deployment

CloudVector is purpose-built for modern application architectures, and is deployed with zero impact to inline performance, with no changes required to applications or DevOps processes.

Sidecars, Tap, and plug-ins in a micro-service and conventional VM app environment

Message bus consumer and serverless extension

INSPECTION MODULE
Function Form Deployment
• Out-of-band

• Zero impact to app

• Low footprint (<1% CPU, ~40MB memory)

• Managed by controller

• Programmable by policy

• Capture and filter API calls to generate • API Call Event

• Monitor for anomalies

• Micro-service pod sidecar sniffer • Container image, auto-deployed
• No special privilege
• Part of Inline Protection Policy • Deployed as part of a proxy chain
• Proxy Log Consumer (e.g. F5 High Speed Log) • Standard web service listen to a customizable port (> 1024)
• Sniffer process alongside application process • Require to run with local system privilege for package capture
• Virtual tap VM • Virtual SPAN tap VM
• No special privilege
• Lambda Layer/Edge • Script installed as a Lambda layer
• Kafka Message Consumer • Standard message consumer
• No special privilege
PROTECTION MODULE
Function Form Deployment
• Take targeted action in response to anomaly and policy violation

• ID Management call back does not require inline deployment

• Inline Proxy • Deployed as an inline reverse proxy
• Lamda Layer • Script installed as a Lambda layer
• ID Management integration callback • Callback from controller
• Require token to invoke idM APIs
CONTROLLER
Function Form Deployment
• Dashboard + Policy Engine

• Manage all Inspection Modules and Protection Modules

• Container images for Kubernetes env.

• Single VM image

• Service listen on set of configurable ports

• All communication secured via mTLS

Features

Feature CloudVector Enterprise Edition
API Spec Risk Assessment Integrate into CI/CD
Features CloudVector Enterprise Edition
API Insights Full
API Live View Yes
API Catalog Yes
Features CloudVector Enterprise Edition
API Recording Yes
API Spec Generation – OpenAPI/Swagger 2.0 Format Yes
API Spec Generation – OpenAPI 3.0, RAML Yes
Integration with your CI/CD Pipeline Yes
API Gateway on-boarding Yes (Apigee)
Features CloudVector Enterprise Edition
Kubernetes Yes (MS AKS, AWS EKS, GCP GKE, Self-deployed Kubernetes Clusters)
VM Yes (OS – RedHat, CentOS, Ubuntu, Windows. AWS EC2, Azure Virtual Machine, GCP Compute Engine, Private Data Center)
Nginx Yes
Envoy Yes
F5 Yes
Heroku Yes
AWS Serverless Yes (Lambda)
Virtual SPAN & Tap Yes
Network Tap Yes
Features CloudVector Enterprise Edition
API Design Risks Yes
API Security Risks Yes
Features CloudVector Enterprise Edition
Metrics for basic targets Yes (Targets – Requests, Response Latency, Response Codes, Packet Counts, Total Bytes; Dimensions – API Endpoint, Service IP, Host)
Metrics for advanced targets Yes (Targets – Response Latency, Response Codes, Packet Counts, Packet Size Distribution, Total Bytes; Dimensions – API Payload Keys and Key+Values)
Integration with your APM or 3rd Party Products Yes (Prometheus, Datadog, Splunk, SumoLogic, Grafana)
Features CloudVector Enterprise Edition
Advanced Security Policies Yes
Features CloudVector Enterprise Edition
Anomaly Detection Yes
Features CloudVector Enterprise Edition
OWASP API Top 10 Yes
Features CloudVector Enterprise Edition
Advanced Correlation & Tracing Yes
Features CloudVector Enterprise Edition
IDP Integration Yes
In-line response policy actions Yes
Integration with API Gateways Yes (Apigee, Kong, Mulesoft)
Features CloudVector Enterprise Edition
Standalone Yes
CloudVector Hosted Yes
Hybrid – Standalone + Hosted Yes

Request Demo Below

Connect with CloudVector to schedule a quick 15 minute demonstration of our Secure API Platform