API security on behalf of manufacturers! Ruixu Information was selected into China's data security development roadmap

2022.09.07
As the backbone of China's data security field, Ruixu Information has launched an API security management and control platform that fully integrates attack-oriented active defense capabilities and AI intelligent data analysis capabilities, and is listed as IDC TechScape: API Security Representative Manufacturer of Transformative Data Security Technology .

On August 26, IDC, the world's leading IT research and consulting company, released "IDC TechScape: China's Data Security Technology Development Roadmap, 2022", which selected 18 emerging and important data security technologies for analysis, and analyzed them from transformative, The three categories of incremental and opportunistic technologies are used to present the technical points, technical advantages and disadvantages, development stages, risk levels, market popularity and benchmarking manufacturers of different data security technologies and services, helping users to understand and choose the one that suits their own business development requirements. A portfolio of data security products and services.

As the backbone of China's data security field, Ruixu Information has launched an API security management and control platform that fully integrates attack-oriented active defense capabilities and AI intelligent data analysis capabilities, and is listed as IDC TechScape: API Security Representative Manufacturer of Transformative Data Security Technology .

API is becoming the core technical means to realize business innovation and digital transformation. It connects not only systems and data, but also enterprises, customers, partners, and even the entire business ecosystem. It has become an important entrance and exit of current network application traffic, and it is becoming more and more Many attackers are leveraging APIs to implement automated and efficient attacks.

IDC pointed out that API security has increasingly become an important field of data security and application security. At present, the traditional API protection functions in products such as web application security gateways are no longer sufficient to protect against increasingly complex API attacks. API security should stand in the perspective of full life cycle management, starting from API security development and deployment (API testing, etc.), It is managed and controlled with capabilities such as encryption, identity authentication, authority control, API security testing, detection, monitoring, threat protection, and threat processing.

Overall, the API security protection dilemmas faced by end users mainly focus on incomplete and inaccurate sorting of API assets, weak API testing capabilities in the development process, incorrect security configuration, errors in identity authentication and authority control, encryption failures, and running processes. Continuous detection and monitoring are difficult, and API security awareness is weak.

As a representative manufacturer of API security in China, based on the pain points of users in API security protection, Ruixu Information fully integrates active defense capabilities with AI intelligent data analysis capabilities on the technical route, and thus launches API perception, discovery, monitoring, and protection. The capable Ruishu API security management and control platform covers the entire life cycle of API security protection management.

Different from many security solutions from the perspective of API security gateway, Ruishu API security management and control platform emphasizes the improvement of API-related threat identification and protection capabilities, and based on behavior analysis, it can identify risks more finely and accurately, and realize Comprehensive API security threat protection from API access client to API server.

Specifically, the Ruixu API security management and control platform includes four modules: API asset management, attack protection, sensitive data management and control, and access behavior management and control, providing a complete security management and control solution for API interfaces.

l API asset management module: Continuously discover API interfaces, establish an API list, compare it with the API catalog provided by the business side, and discover unknown APIs and zombie APIs in time. Automatically classify and group API interfaces, and assign responsible persons to realize data decentralization management. Extract the metadata of the API interface and provide a visual detailed display for the API interface.

l  API攻击防护模块:基于已知业务逻辑和依赖关系定义API接口调用顺序,防止绕过业务逻辑的访问行为,提前设置接口请求参数调用规则,拒绝非法的API请求参数调用,降低安全配置错误,缩小攻击面;支持API安全攻击检测和防护,并引入语义分析技术,进一步提高检测准确性。

l  API敏感数据管控模块:内置敏感信息检测引擎,覆盖OWASP API Security Top10、姓名、手机号、身份证、银行卡、密码等18种敏感数据类型,对敏感信息进行自动分级,实时洞察API接口中双向传输的敏感数据、明文密码和弱密码,并及时对 API 接口回传报文中的敏感信息进行脱敏处理,规避数据泄漏风险。

l  异常行为监控模块:基于多维度实时监控API接口的访问行为,包括访问成功率、耗时、TPS、并发数等维度,建立API访问基线,及时发现偏离基线的异常访问行为;内置API 业务威胁模型,透视API常见的业务威胁,如:撞库、爬虫等。

l  API访问控制模块:内置灵活的API访问控制策略,可基于API接口、源IP、访问频率、客户端指纹、API令牌、User Agent、HTTP请求特征等上百个元素,对API接口实现精细化的访问控制,支持对维度限频、拦截、延时等。

瑞数API安全管控平台不仅可以快速自动地发现API,并且针对发现的API给出明确的认定,还可以显示出清晰的API列表,对API接口的访问情况一目了然。同时,通过精准地构建API画像,可以快速预览各个业务的API情况,包括使用情况、异常情况、访问来源等,并且可根据行为分析的结果或指定条件,进行动态响应防护,提升通过逆向探测或机器学习分析等攻击手段的难度。

瑞数API安全管控平台已广泛应用于金融、快消、零售、运营商、能源等多个行业,为企业实现API安全管控和数据安全提供有力支持。

入选IDC TechScape API安全技术推荐厂商的背后,是瑞数信息紧紧贴合市场趋势与用户需求,在技术上不断精进创新,长期以来收获了市场与用户的认可。未来,瑞数信息将持续打磨API安全技术和方案,为用户带来实实在在的价值,助力企业合规建设数据安全,有效抵御API新兴威胁。