fbpx
Techitup Middle East
B2B TechnologyCybersecurity

Qualys Launches its API Security Platform

Qualys has announced the launch of its API security platform that leverages AI-powered scanning and deep learning-based web malware detection to secure web apps and APIs across the entire attack surface. This includes on-premises web servers, databases, hybrid, multi-cloud environments, API gateways, containerized architectures, and microservices. 

APIs are integral to digital transformation initiatives across industries. The latest data indicates that over 83% of web traffic now comprises API traffic, highlighting their critical role in modern web applications using microservices, cloud, and hybrid environments. However, this also underscores the vulnerabilities that accompany their widespread adoption.  

Qualys API security addresses and allows organizations to:  

  • Measure API risks across all attack surfaces with a unified view of API security by discovering & monitoring every API asset across diverse environments, enabling better decision-making and faster response times. 
  • Communicate API risks like OWASP API Top 10 vulnerabilities & drift from OpenAPI specs with real-time threat detection and response, minimizing the risk window and enhancing overall security. 
  • Eliminate API risks with integrated workflows supporting Shift-Left & Shift-Right practices, bridging the gap between IT and security teams, promoting seamless collaboration, and improving operational efficiency. 

Key features of Qualys API 

1. Comprehensive API discovery and inventory management 

Qualys WAS with API Security automatically identifies and catalogs all APIs within an organization’s network, including internal, external, undocumented, rogue, and shadow APIs. Whether APIs are deployed in multi-cloud environments (AWS, Azure), containerized architectures (Kubernetes), or API gateways (Apigee, Mulesoft), Qualys’ continuous discovery ensures an updated inventory across all platforms, preventing unauthorized access points and shadow APIs. 

2. API vulnerability testing & AI-powered scanning 

Qualys provides comprehensive API vulnerability testing using 200+ prebuilt signatures to detect API-specific security vulnerabilities, including those listed in the OWASP API Top 10, such as rate limiting, authentication & authorization issues, PII collection, and sensitive data exposure. Moreover, for large applications, Qualys combines the power of deep learning and AI-assisted clustering to perform efficient vulnerability scans. This smart clustering mechanism targets critical areas, achieving a 96% detection rate with an 80% reduction in scan time. 

3. API compliance monitoring 

Qualys performs both active and passive compliance monitoring to identify and address any drift or inconsistencies in API implementation and documentation in adherence to the OpenAPI Specification (OAS v3). Clear, standardized API documentation, in adherence to OAS, ensures that shared documentation is easily understood by recipients, simplifies security assessments and enforcement, and enhances the accuracy of code, benefiting both automated tools and human developers. Qualys also continuously monitors APIs for compliance with industry standards such as PCI-DSS, GDPR, and HIPAA to ensure that APIs remain compliant with evolving regulations, avoiding potential fines and enhancing data protection. 

4. API risk prioritization with TruRisk™ 

Qualys leverages its proprietary TruRisk™ scoring system, which integrates multiple factors such as severity, exploitability, business context, and asset criticality to prioritize risks based on overall business impact, ensuring that the most critical vulnerabilities are addressed first. It also categorizes risks based on the OWASP API Top 10, helping organizations focus on the most prevalent and severe API security threats. 

5. Seamless integration with Shift-Left and Shift-Right workflows 

Qualys integrates seamlessly with existing CI/CD tools (e.g., Bamboo, TeamCity, Github, Jenkins, Azure DevOps) and IT ticketing systems (e.g., Jira, ServiceNow), supporting both shift-left and shift-right security practices. This facilitates automated security testing and real-time threat detection and response without disrupting development workflows. By bridging the gaps between IT and security teams, Qualys ensures smoother operational transitions, improving API security practices and reducing the risk window. 

Interested parties can read more about the new launch here

Related posts

BeyondTrust Achieves ISO 27001:2022 Certification, Enhancing Commitment to Customer Security

Editor

SentinelOne Powers Broadest Insurance Ecosystem in the Market 

Editor

Entrust Unveils Zero Trust Solutions for Enhanced Security

Editor

Leave a Comment