Harness today unfurled a cloud web application and application programming interface (API) protection (WAAP) platform that makes it simpler for security operations (SecOps) teams to defend application environments.
Based on the Traceable API security platform that Harness acquired earlier this year, the Traceable WAAP platform also provides bot mitigation tools and an ability to thwart distributed denial of service (DDoS) attacks.
Sudhir Patamsetti, senior director of product management for cybersecurity at Harness, said the Traceable WAAP makes it simpler for SecOps teams to address cybersecurity issues after applications and their associated APIs have been deployed.
That’s especially critical at a time when many cybersecurity teams are moving to unify web application and API security, he added.
Historically, the challenges associated with defending web applications and APIs have been twofold. The first is that web applications are built by application developers who may not have much cybersecurity expertise. As such, there tend to be a lot of internet-facing vulnerabilities that are easily exploitable.
The second issue is that the APIs that have been deployed are equally vulnerable for the same reasons. Cybercriminals have become more adept in recent years at using those APIs to exfiltrate data. More challenging still, there are also rogue APIs that developers have exposed without anyone on the cybersecurity team knowing they exist. Finally, there are also zombie APIs that are no longer being actively maintained but remain accessible simply because no one remembered to remove them.
APIs are also playing a pivotal role in enabling access to artificial intelligence (AI) services, which are now increasingly being targeted by cybercriminal syndicates.
To address those issues, Harness is making a case for an integrated platform that discovers APIs by monitoring traffic, encrypted flows and code repositories. It then applies risk scores to those use cases in addition to making it possible to detect anomalies and even apply digital fingerprints to previously seen attack vectors.
Additionally, Traceable WAAP can be integrated into the continuous integration/continuous delivery (CI/CD) platform used to build and deploy web applications and APIs, into API gateways and load balancers, or directly within application code using lightweight agents that Harness provides.
Finally, IT teams can securely route traffic to a content delivery network (CDN) that Harness also makes available.
Collectively, those capabilities make it simpler for organizations to bridge the divide that often exists between cybersecurity teams and the teams that build and deploy their applications and APIs, said Patamsetti.
It’s not clear to what degree organizations are increasing their investments in application security, but it’s become apparent that cybercriminals are shifting their focus to exploiting weaknesses in software. Successful attacks against those applications enable cybercriminals to also compromise the underlying IT infrastructure.
Hopefully, as application security continues to improve, the number of breaches that cybersecurity teams need to respond to will decline. The challenge, as always, is simply determining the true size of the attack surface that needs to be defended.