Resurface v3 Ushers in a New Era for API Security
Purpose-built for API data, fills gaps in perimeter-based defense
Coinciding with the OWASP Global AppSec conference, Resurface Labs announces general availability of its v3 product, designed to detect and alert on API threats in real-time, including out-of-the-box OWASP security rules.
APIs expose the limitations of traditional perimeter-based security, failing the Zero Trust sniff test. Forrester defines this as “API insecurity,” where permission-based access and controls no longer apply to complex API interactions. Black box API traffic hides actions that should be visible and auditable in their entirety.
Read More: ServiceNow Named A Leader In The 2021 Gartner® Magic Quadrant™ For Enterprise Low-Code Application…
Robust API security requires API-centric solutions that natively understand API traffic, and provide useful guidance at runtime. Resurface captures API request and response detail, and is shaped for high volume, making API traffic visible and searchable.
“APIs are now considered to be the #1 attack vector, yet most organizations use ill-fitting solutions for API security. We’re solving for the gaps that exist in API intelligence with clear, actionable data at runtime,” said Christine Bottagaro, co-founder, Resurface Labs.
Read More: SalesTechStar Interview With Greg Armor, Executive Vice President Of Sales, Gryphon.Ai
Resurface v3.0:
- Complete auditing of REST and GraphQL request and responses for every API call, including session and sequence level details
- Alerts and views for OWASP API Security Top 10
- Flexible deployment options include network capture, via API gateways, logging middleware, direct JSON, or any combination.
Resurface captures all API attributes without upfront modeling, and is self-hosted, preserving data sovereignty. Underscoring the need for smart API-first security solutions, Resurface was named in Forbes “Top 25 Machine Learning Startups to Watch In 2021.”
Rob Dickinson, Resurface co-founder and CTO, is presenting “OWASP cautions against “insufficient logging & monitoring.” What does sufficient look like?” at the OWASP Global AppSec US 2021 conference, highlighting what’s missing in today’s network-centric approach to API security.