Problem Statement:
Enterprises are deploying API services in order to support rapid expansion and diversification of their business channels.
Open Banking and PSD2, for example, in the finance industry have accelerated this growth further.
APIs have been proven to be very effective as a common ‘back-end’ for multiple types of systems be they B2B or B2C services. Uncontrolled deployment of APIs can give rise to cyber security ‘blind spots’ and unmanaged endpoints.
Visibility:
With this growth of API deployment many enterprises find themselves in a situation where they don’t know how many or where APIs are deployed across the enterprise. This can result in APIs, which act as a path to sensitive business data being insecure, unmaintained and not regularly assessed.
Do you know how many APIs are deployed across your public facing Internet and where?
The Challenge:
It can be difficult to discover APIs as they are ‘headless’ and don’t have a website or other obvious indicator they exist. Many APIs are only discoverable if you interact with the endpoint in the correct manner. If we can’t easily find and track deployed APIs how do we secure them?
Edgescan API discovery:
API Discovery: Using multi-layer probing techniques
- Multi-layer probing across IP/CIDR ranges designed to detect rogue or unknown deployed API endpoints.
- API Discovery from edgescan™ is part of the edgescan™ continuous asset profiling service that allows you to understand the API topology deployed across your public internet facing estate.
- With cataloguing and categorising correlation technology, it is possible to find a true inventory of APIs and exposures facing the public internet.
- Our proprietary discovery process runs continuously across your entire estate non-stop, 24x7x365 and alerts you when a newly discovered API has been detected.