SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Cequence Security updates to UAP platform to better manage risk

Cequence Security, the API Protection specialist, has announced new updates to the Unified API Protection (UAP) platform that aims to strengthen customers' ability to discover, manage risk and protect APIs.

With the latest capabilities, organisations can rapidly deploy API Security Testing with built-in generative AI automation, protect users from online fraud and operationalise security findings with low-code/no-code workflows.

Ameya Talwalkar, Founder and CEO of Cequence Security, says, "We are always exploring ways to further automate and improve our UAP solution and help our customers consolidate the tools required to stay ahead of the threat actors.

"The updates to our platform continue to set us apart from other point solution vendors in the API security space as we are providing our customers with the only integrated best-of-suite approach to discover, comply, test and protect their APIs."

Talwalkar says, "Today, we are also excited to share we are the first API security vendor to take advantage of the game-changing Generative AI and no-code security automation within our UAP solution to better protect users from online fraud and simplify security findings."

API security testing with generative AI

With the potential of generative AI tools like ChatGPT and Google Bard, Cequence is working to leverage this power to protect data and users from bad actors.

Cequence has added several new capabilities to API Security Testing, including Test Plan generation using a new feature called Intelligent Mode that helps automate the generation of API Security Test Plans using plain English, extending the low-code/no-code approach to test case generation.

Cequence UAP's Intelligent Mode automatically associates the appropriate APIs with the right test cases, given the functionality of that API. This not only drastically reduces the time needed to create a test plan to minutes, as compared to months with other solutions, it also ensures consistent experience across a customer's entire applications and environments.

Several other enhancements include detailed insights and remediation workflows into test failures. The test catalogue now has test cases for the latest OWASP API Top 10 2023. Cequence also empowers InfoSec teams to run API tests outside of CI/CD pipelines, and instead, point attack test suites directly against staging or even production servers.

New fraud prevention capabilities

To enable organisations to protect their APIs from online fraud, Cequence has introduced the Fraud Prevention module in API Spartan. The new module enables organisations to protect their end-customers from online fraud and instantly take action, including blocking transactions and generating enterprise-grade notifications to relevant teams.

Protecting applications and users against online fraud complements the existing capabilities of Cequence to detect and block business logic abuse, account takeover (ATO) attempts, common OWASP API Top 10 security risks and automated malicious traffic.

Operationalise API protection with low-code/no-code security automation

Cequence has introduced out-of-the-box integrations with over 300 third-party apps, including ServiceNow, PagerDuty, JIRA and Slack. Using off-the-shelf connections to these apps, security analysts can ensure security risks or threats are routed promptly to their business teams for remediation.

Security analysts can use a low-code/no-code approach within Cequence to implement the equivalent of an API Security Orchestration and Response (SOAR) workflow, wiring together multiple third-party connections to achieve their desired outcomes.

Using this approach, analysts can operationalise workflows that promptly remediate critical API security risks, such as the discovery of shadow APIs that have access to sensitive data and new security risks of weak authentication or non-conformance to OpenAPI specifications in newly built pre-production CI/CD pipelines, the company states.

Visibility of external facing APIs with API Spyder

New enhancements to API Spyder enable customers to easily identify APIs that are externally accessible, but not entirely protected by Cloud Security Posture Management (CSPM) infrastructure, the company states.

Additionally, this approach offers a seamless complement to API Sentinel's deep insights into runtime API inventory and compliance checking using the OWASP API Security Top 10 and other custom risk categories.

With the latest Unified API Protection platform updates, organisations are able to protect their users from online fraud, operationalise security findings with low-code/no-code API SOAR-like workflows and rapidly deploy API Security Testing with built-in Generative AI automation.

These capabilities continue to set Cequence apart from other point API security, bot management, anti-fraud and WAF vendors by having the industrys first and only Unified API Protection platform that covers the entire API lifecycle. With UAP, customers can discover with API Spyder, comply with API Sentinel and protect with API Spartan.

Follow us on: