Global Bank | API Security Testing

Services:

API Discovery

Overview

A global banking institution was having issues managing and deploying API services in order to support rapid expansion and diversification of their business channels. The demands from Open Banking and PSD2 in the finance industry have accelerated the growth of APIs, making them more and more challenging to manage and secure. APIs have proven to be very effective as a common ‘back-end’ for multiple types of systems, but this organization’s uncontrolled deployment of APIs gave rise to cyber security ‘blind spots’ and unmanaged endpoints.

Issues with Visibility

With this growth in API deployment, the company found themselves in a situation where they couldn’t scope how many APIs were deployed. This can result in APIs, which act as a path to sensitive business data, being insecure, unmaintained and not regularly assessed.

Do you know how many APIs are deployed across your public facing Internet and where?

The Challenge:

It can be difficult to discover APIs as they are ‘headless’ and don’t have a website or other obvious indicator that they exist. Many APIs are only discoverable if you interact with the endpoint in the correct manner. If we can’t easily find and track deployed APIs, how do we secure them?

Edgescan API discovery process to identify and secure their APIs

API Discovery: Using multi-layer probing techniques

  • Multi-layer probing across IP/CIDR ranges designed to detect rogue or unknown deployed API endpoints.
  • API Discovery process is a continuous asset profiling service that allows you to understand the API topology deployed across your public internet facing estate.
  • With cataloguing and categorising correlation technology, it is possible to find a true inventory of APIs and exposures facing the public internet.
  • Our proprietary discovery process runs continuously across your entire estate non-stop, 24x7x365 and alerts you when a newly discovered API has been detected.