Joint solution to ensure APIs are built correctly and used legitimately.
London – Nov 21, 2018 – Today, at the API Security For Open Banking Summit, 42Crunch, the leading backend API security platform and CriticalBlue, provider of Approov, the leading frontend mobile API security solution, announced that they are now offering enterprise customers with an end-to-end API protection service.
42Crunch and CriticalBlue were both named Cool Vendors by Gartner in 2017.
Misuse and abuse of APIs is a real and growing threat. APIs represent a window into the inner workings of a business, and they represent the easiest target in today’s enterprise architectures for financial gain and data extraction. As Gartner sees it: "By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications" from https://www.gartner.com/document/3834704 (Subscription required).
42Crunch provides an integrated platform where development, security and operations teams can collaborate efficiently towards top-notch API security. The company delivers a distributed, lightweight API firewall as well as tools to evaluate continuously that the APIs are following security best practices when defining, implementing and deploying APIs.
CriticalBlue’s Approov providesdynamic software attestation for mobile apps. It allows mobile apps to uniquely authenticate themselves as the genuine, untampered software images that were originally published. Approov does not require a static secret to be stored in the mobile app, is easy to integrate via a drop-in SDK, simple to deploy and has no impact on the end user experience.
Combined together, the two solutions efficiently address critical API security issues for mobile application development: fake apps, bots, stolen tokens and scripting attacks. Approov ensures that the mobile application is authenticated while 42Crunch ensures that the API requests are valid, and attack-free. Furthermore, the 42Crunch protection service ensures that tokens used to authenticate both the apps and the APIs are properly validated according to thestandard best practices.
With the rise of the API economy, usage of APIs has skyrocketed, and as a result, it is vital that deployed APIs are both correctly designed and safely used by only the remote software clients they were designed for.
Under the partnership, 42Crunch will release an Approov package with a set of pre-tested policies that Approov customers can use straight away to enforce and validate Approov security tokens.
“The CriticalBlue/Approov solution adds the ‘first mile security’ for our customers using APIs with Android and iOS mobile apps. The combined solution guarantees the integrity of the data flowing through the APIs at all times” said Jacques Declas, CEO of 42Crunch.
“This partnership creates a security continuum from API design right through to deployment and use,” commented David Stewart, CEO of CriticalBlue. “It encompasses the need for a full security service across all API access points, including web, while also recognizing the need for particular attention to the mobile channel, which is generally the least well protected part of the eco-system.”
Founded in London, UK, with offices in Dublin, Montpellier, France, and Irvine, California, 42Crunch provides a security platform that automatically generates and enforces risk-based security policies on enterprises’ APIs. The cloud solution addresses the most demanding API security requirements for enterprises around the world. The 42Crunch API Security platform also fosters the collaboration of security, development, and operations teams, and provides a DevSecOps approach to API development. Visit https://www.42crunch.com to learn more. To learn more about API Security visit the community site hosted by 42Crunch at https://APISecurity.io.
CriticalBlue launched Approov to close the gap between the current web-oriented security solutions and the growing need for more trust in the mobile app channel. Approov employs CriticalBlue’s mature and proven dynamic runtime technologies to enable a fundamental advance in the digital economy security ecosystem by protecting digital assets from cyber attacks and fraud vectors. This re-establishes the two-way trust needed to truly secure enterprise businesses. For more information, please visit https//www.approov.io