Last week, cybersecurity company Zenedge announced the release of Zenedge API Security, an API protection solution with full application layer protection. We had the opportunity to talk with Aftab Afzal, head of Zenedge’s EMEA Sales about their API security suite and how it stacks up against competing solutions.
“Zenedge API Security is designed to protect the weakest link in an application’s security armor,” Afzal noted. “Traditionally, security solutions have only protected access to websites, not APIs, but we’ve been looking at the APIs themselves and trying to work with them to expand and customize protection, using our AI and machine learning technology to model behavior of what is normal vs. what is malicious and provide protection.”
As APIs extend their reach into more and more business-critical applications and data stores, they become more attractive targets for malicious users. This trend is reflected in the recent addition of under-protected APIs to OWASP’s 2017 Top 10 Application Security List, as well as the growing number of API security solutions from Distil Networks, Fastly, CloudFlare, and other CDNs and cybersecurity players.
Afzal remarked on what sets Zenedge apart from other solutions: “All of our solutions cover the entire range of the network. They are integrated with each other and work together so we can share intelligence across stack, ensuring that clients have access control, bot protection, and all other aspects of modern security. If you start to separate out security solutions, you lose intelligence. For example, if you know an API is being hit on the edge, you need to know what’s happening to network too–everything has to be integrated. We built from the ground up to make sure that we would have complete visibility to share with customers and integrate into their cloud solutions, which is quite rare.”
A press release from Zenedge added that their API security solution stands out, as many competing API solutions rely solely on IP rate limiting and basic DDoS protection. In contrast, Zenedge API Security’s advanced algorithms vets API requests from authenticated and unauthenticated API calls to determine their legitimacy and block malicious activity. Zenedge API Security also protects against dictionary attacks, API scraping and hijacking, and attacks at the network, transport, and application layers.