Cequence is excited to announce the latest release of our Unified API Protection (UAP) platform, version 7.3. This release has big new features and updates to existing capabilities, so let’s take a tour. The major feature categories include:

• New Summary Dashboard
• New API Inventory Page
• New Integrations
• New ML-based Threat Classification
• Automated AI Bot Detection and Mitigation
• API Gateway and Infrastructure Attack Surface Discovery
• New Cequence User Community Forum

New Summary Dashboard

Our new summary dashboard provides a comprehensive overview of your API environment. It highlights critical discovery, compliance, and threat metrics including:

• Number of API hosts discovered compared to the total monitored hosts
• Inventory of internal, external, and third-party APIs
• Total API risk issues detected, including run-time risks and build-time compliance test failures
• Statistics on malicious traffic, detailing threat types and sources

This dashboard simplifies monitoring for technical personnel and decision-makers, ensuring key insights are easily accessible.

New API Inventory Page

The new API Inventory page offers improved usability for security teams and their common workflows. Key features include:

• A simple, tabular view of the entire API inventory, with filtering options by API type and attributes
• Customizable views of APIs categorized as internal, external, or third-party
• Generation of API specifications for undocumented APIs
• Management of shadow APIs and API compliance drift
• Summary of risk findings, including sensitive data exposure

The new API Endpoint Details page reveals API usage statistics and payload analysis, including parameter discovery, aiding in compliance and security evaluations.

Powerful New Integrations

Cequence integrates with your existing security and networking infrastructure to support API discovery and added convenience. New integrations include:

• Outbound Network Technologies: Cequence is the first API security vendor to introduce integrations with outbound network technologies, enabling the discovery of API callouts from customer-owned applications, surfacing third-party API suppliers and potential security risks
• F5 High-Speed Logging (HSL): Integration with F5 gateways using HSL to discover and protect APIs without additional TLS terminations
• Citrix ADC Content Inspection: Leverages Citrix mirroring technology to integrate with Citrix ADC gateways using Citrix content inspection capabilities
• WSO2 API Gateway: Inline and passive integrations for API discovery and protection
• Serverless Application Integrations: Native support for AWS App Runner, Azure Container Apps, and GCP Cloud Run, enhancing discovery and protection of APIs within containerized applications

Advanced ML-Based Threat Classification

Another feature unique to Cequence, our ML-based threat classification automatically categorizes mitigated API threats based on endpoint, source, and behavior patterns. This capability can also profile industry-specific threats such as:

• Telecom: CPNI enumeration, Device port-in fraud
• Retail: Inventory abuse, Shopping cart abuse
• Financial Services: Credit application fraud, Payment fraud

This ML-based classification automatically learns and profiles API attacks including, but not limited to:

• Account takeover
• Fake account creation
• CPNI enumeration
• Account management abuse
• Inventory scalping
• Flash sale abuse
• Loyalty rewards abuse

Automated AI Bot Detection and Mitigation

In response to the surge in AI bot activities, Cequence UAP 7.3 introduces automatic identification of AI bot activity. Security teams can now easily detect and mitigate unwanted AI bot interactions with configurable policies. Our continuously updated list of global AI bots ensures your defenses remain current without manual updates.

Expanded Attack Surface Detection

API Spyder now includes automatic discovery of API gateways and infrastructure components, identifying potential shadow API deployments. This feature discovers and identifies gateways from providers including MuleSoft, Apigee, and Envoy, including those deployed on cloud providers such as AWS and Azure. The detection algorithms can be customized or built from scratch by the customer to ensure the highest accuracy. Cequence is the only API security vendor that provides this level of functionality without requiring any network or software changes.

Additional Platform Enhancements

• Global Domain Crawling: Expanded to include EMEA/UAE regions, with proxy support for comprehensive global coverage
• OWASP API Security Top 10 2023: Default rules updated to the latest standards, with customizable configurations
• Data Extraction Search: Enables searching directly from the UAP Data Extraction page

New Cequence User Community Forum & Helpdesk

Last but not least, we’re excited to unveil our new user community forum at Cequence Helpdesk Portal. This platform offers:

• Modern design and streamlined navigation
• Enhanced documentation access
• Improved user experience
• Community engagement for sharing best practices and insights
• Cequence Certified Administrator training courses

Stay tuned for more updates! If you’re an existing customer, contact your Customer Success manager for more details. If you’re not yet a customer, we’d love to chat! Book a personalized demo here.

The post Advancing API Security and Bot Management with Cequence UAP v7.3 appeared first on Cequence Security.

*** This is a Security Bloggers Network syndicated blog from Cequence Security authored by Jeff Harrell. Read the original post at: https://www.cequence.ai/blog/cequence-product-news/unified-api-protection-7-3/