Securing the world's APIs: why we're partnering with 42Crunch
Alberto Gomez, Managing Partner and Jorge Baron, Analyst @Adara Ventures
⚡️The Opportunity: APIs run the world (wide web)
APIs (Application Programming Interfaces) are a set of functions and procedures that facilitate the safe, reliable and stable communication between two applications for the exchange of messages and data. Nowadays, APIs are everywhere, with 83% of all web traffic occurring via API.
☢️ The Problem: More APIs = More cyberattacks
As APIs proliferate, so do cyberattacks that exploit the vulnerabilities associated with them. Companies use internal APIs to access their microservices, SaaS APIs to draw in third-party information, and external APIs to provide functionality to external developers. This creates a blurred security perimeter that may inadvertently offer an unsecured back door into an enterprise system. Gartner predicts:
- APIs will become the #1 attack vector of cyberattacks by 2022.
- The yearly cost of API security breaches is estimated to reach $600Bn by 2022.
🚧 The Solution: 42Crunch secures APIs individually, and at all stages of the development lifecycle
The 42Crunch platform provides a set of automated tools to easily secure the entire API infrastructure by describing security in the API contract, and enforcing those policies throughout the entire lifecycle. Delivering security as code enables a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing the security of APIs.
The 42Crunch platform includes three components:
1. Audit: a tool for developers to embed API security as they code
The Audit tool runs a static analysis of the OpenAPI definition of the contract against 200 security checks, automatically identifying specific errors and remedies.
2. Scan: a dynamic runtime analysis of the API
By scanning at runtime, 42Crunch checks that the implementation of the API and the behaviour of the backend service match the API contract. This helps identify potential issues such as data or exception leakage by detecting misconfigurations, misbehaviours, and API vulnerabilities.
3. Protection: a native, lightweight and low-latency API firewall
Deployable with just one click, the API firewall automatically enforces security measures based on the OpenAPI definition and protects API endpoints wherever they are. Allowed operations are whitelisted, eliminating the need to implement custom rules or to guess which traffic is valid through AI. 42Crunch’s firewall is highly scalable, platform agnostic, and supports multi-cloud and multi-geo zone deployments.
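To make the allowlisting model described under Protection concrete, here is an added Python example; it is not 42Crunch's code and not part of the original article. It derives a default-deny allowlist from an OpenAPI definition, and the API fragment, `build_allowlist` and `is_allowed` are hypothetical names constructed for illustration.

```python
import re

# Constructed OpenAPI fragment for a hypothetical API (not from the article).
SPEC = {"paths": {
    "/users/{id}": {
        "parameters": [{"name": "id", "in": "path", "required": True,
                        "schema": {"type": "string", "pattern": "^[0-9]{1,10}$"}}],
        "get": {"responses": {"200": {"description": "ok"}}},
    },
    "/health": {"get": {"responses": {"200": {"description": "ok"}}}},
}}

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}


def build_allowlist(spec):
    """Compile every (method, path template) pair in the contract into a rule."""
    rules = []
    for template, item in spec["paths"].items():
        # Path-level parameters apply to every operation under that path.
        shared = {p["name"]: p for p in item.get("parameters", []) if p["in"] == "path"}
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip non-operation keys such as "parameters"
            params = dict(shared)
            params.update({p["name"]: p for p in op.get("parameters", []) if p["in"] == "path"})
            parts = re.split(r"\{([^}]+)\}", template)  # literal, name, literal, ...
            regex = "".join(re.escape(s) if i % 2 == 0 else "([^/]+)"
                            for i, s in enumerate(parts))
            rules.append((method.upper(), re.compile(regex), parts[1::2], params))
    return rules


def is_allowed(rules, method, path):
    """Default deny: a request passes only if the contract describes it."""
    for rule_method, regex, names, params in rules:
        match = regex.fullmatch(path)
        if rule_method != method.upper() or match is None:
            continue
        for name, value in zip(names, match.groups()):
            pattern = params.get(name, {}).get("schema", {}).get("pattern")
            # OpenAPI "pattern" is an unanchored regex, hence search().
            if pattern and not re.search(pattern, value):
                break  # parameter value violates the contract
        else:
            return True
    return False
```

Because the rules come only from the contract, an operation or parameter shape the definition does not describe is rejected without anyone writing a custom rule for it.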
Importantly, the 42Crunch API security solution has been integrated into GitHub, the world’s largest software development and code hosting platform. This integration allows millions of developers to try 42Crunch on any of their projects on GitHub, coupling API security review with their development workflow, and supporting the “shifting left” movement that seeks to make security an integral part of the development lifecycle.
🤝 Adara Ventures: Tripling down on cybersecurity
42Crunch’s team, product and approach captivated us from our very first interaction. We are delighted to welcome them to our portfolio, joining exceptional cybersecurity teams Constella Intelligence, CounterCraft and Hdiv.
About the Author
Alberto is co-founder and Managing Partner of Adara Ventures, an early-stage venture capital firm managing over €180 million in capital, and dedicated to investments in deep-tech companies addressing enterprise (B2B) markets.