Automating the API Security Lifecycle – An Interview with Subbu Iyer of Cequence Security


Cequence Security is pioneering innovation in the API security space, and Subbu Iyer, the company’s VP of Product Management, provided a comprehensive understanding of the company’s approach during a recent conversation. His insights offer a fresh perspective on how organizations can safeguard their API footprint against increasingly sophisticated cyber threats.

Understanding the API Security Lifecycle

API security is not a singular problem, but rather a spectrum of concerns that span the entire API security lifecycle. In most cases, organizations begin by addressing immediate pain points such as threat protection, often after experiencing an attack, and then gradually move towards a more comprehensive API security posture.

In Cequence’s model, starting with threat protection is a common use case, especially when an organization realizes that it is under attack and wants to put immediate defense mechanisms in place to protect its assets. When an organization is under attack, immediate action is necessary to protect APIs. This is achieved by first detecting and then mitigating the threat using Cequence’s API Spartan. Next, customers typically focus on ensuring API compliance with security best practices, for example by using Cequence’s compliance solution, API Sentinel. The final phase is the discovery of all APIs using Cequence’s API Spyder, bringing all the critical pieces of robust API security together in one unified platform.

Organizations may move their focus either from left to right along the API security lifecycle (from API discovery to threat protection) or the other way around based on their immediate needs. For instance, an organization may first plug an immediate gap in threat protection and then focus on compliance and discovery for robust API security hygiene.

What makes Cequence’s approach unique is its holistic attention to every aspect of the API protection lifecycle we just outlined. In the threat protection phase, Cequence provides native protection against malicious traffic. Unlike competitors who merely identify bad activity on an API and then push out IP addresses to a customer’s Web Application Firewall (WAF), Cequence’s solution offers more efficient and robust protection.

When it comes to compliance, Subbu described how Cequence utilizes innovative technologies like generative AI to make the security leaders’ lives easier and to reduce manual tasks.

The discovery phase is where Cequence truly distinguishes itself. Subbu pointed out that Cequence is the only vendor that specializes in ‘outside-in’ discovery. The company uses DNS techniques and proprietary ML-based methods to probe domains and discover APIs without needing to install anything in the customer’s environment.

No Code Automation – Operationalizing API Protection

Subbu highlighted a particularly helpful feature of Cequence’s platform: no-code automation. This allows organizations to generate automated workflows in response to detected malicious API activity.

Consider a scenario where an enterprise discovers that a hidden API, which has access to sensitive customer information, is under attack. The security team might want to page their operations team, put a hold on the API, block access from certain IP addresses, and carry out other tasks in response. With Cequence’s no-code automation feature, they can set up this entire workflow within the platform, saving valuable time and streamlining their response.

In conclusion, the conversation with Subbu of Cequence Security underscored the importance of a lifecycle approach to API security. Cequence’s innovative solutions, leveraging advanced technologies and unique features like AI and no-code automation, offer a comprehensive and effective approach to securing APIs. It’s clear that the company has carved a distinct place for itself in the API security space, and it will be interesting to see what new innovations they bring to the market in the future.
