Concept: California’s security software startup Cequence Security has rolled out an ML-based application programming interfaces (API) security platform that protects users’ APIs and web-based applications from automated bot attacks and vulnerability exploits. The startup claims that the new platform unifies API discovery and inventory tracking with risk analysis, remediation, and real-time threat prevention across any cloud platform. The startup claims that the new platform serves over 85 brands globally and protects two billion API transactions per day.
Nature of Disruption: The startup leverages its patented ML-based analytics engine CQAI to discover APIs, analyze their risk posture, and detect and prevent threats. The CQAI has various features including application source profiling, credential stuffing detection, source IP reputation analysis, source tools profiling, and behavioral fingerprinting. The new security platform includes the API Sentinel feature, which provides visibility and monitoring of organizations’ internal and external APIs. It can integrate with the organizations’ API management infrastructure and continuous integration (CI)/ continuous deployment (CD) tools to find all the APIs for visibility, discover potential security gaps, and alert development teams for rapid remediation. It integrates various infrastructure components including API gateways, proxies, load balancers, and ingress controllers to offer 360-degree visibility. The platform also includes Bot Defense, an ML-based analysis that eliminates the threats due to bots. It is claimed to be the only bot mitigation solution that does not require any JavaScript or mobile SDK integration to collect the attack telemetry needed to prevent malicious automated bot attacks.
Outlook: API-based attacks are increasing across all the industries across the globe and organizations looking at solutions to mitigate the risks due to the API-based attacks. The most common API-based attacks involve the exploitation of an API’s authentication and authorization policies. Cequence Security claims that its new security platform helps organizations to mitigate the risks due to API-based attacks and provides more visibility into all of the organizations’ APIs. In December 2021, the startup raised $60M in a Series C funding led by Menlo Ventures, with participation from Icon Ventures, Telstra Ventures, HarbourVest Partners, Shasta Ventures, Dell Technologies Capital, and T-Mobile Ventures. The startup aims to use the funding to recruit new talents and develop new software including natural language analysis that can find common patterns that can pose a risk within API communications.
This article was originally published in Verdict.co.uk