The 7.3 release of the Cequence Security Unified API Protection (UAP) platform will be generally available 06 August 2024. This release has many new, exciting features. Let’s take a quick tour.
New Summary Dashboard Summarizes Product Value
Cequence is excited to introduce a new summary dashboard page that summarizes discovery, compliance, and threat protection metrics. This dashboard provides an easy to consume summary of key application and API activity protected by your Cequence UAP deployment, highlighting the metrics that matter for technical personnel and decision makers alike.
Key metrics highlighted on this dashboard include:
- Number of API hosts discovered by Cequence's attack surface discovery compared to the total number of hosts the platform is actively monitoring.
- Number of Internal, External, and Third-Party APIs in the API inventory.
- Total Number of API Risk Issues detected by the platform, including run-time risks and build-time compliance test failures.
- Statistics about malicious traffic detected and mitigated by the platform, including types of threats and their sources.
New Summary Dashboard UI
New API Inventory Page Allows Quicker Navigation and Exports
The Cequence UAP platform has a new API Inventory page with several usability improvements to common workflows used by security personnel. From this new page you can:
- Access the entire API inventory in a simple, tabular format, allowing easy filtering by API type and other additional attributes.
- View APIs by their classification as Internal, External, or Third-Party, and customize the view to meet your specific requirements.
- Generate API specifications for undocumented APIs.
- Manage Shadow APIs and API compliance drift.
- View a summary of risk findings, including Sensitive Data Exposure.
There’s also a new API Endpoint Details page that lets delve into the details of what’s going on in an endpoint. Along with usage statistics for your APIs, Cequence provides an analysis of the payloads in your API requests and responses, including parameter discovery. Cequence can automatically create Data Extraction rules based on the discovered parameters. APIs are analyzed for sensitive data exposure, assisting in your compliance requirements.
New API Inventory Page
New Integrations Enhance Discovery of Internal, External and Third-Party APIs
This release of the Cequence UAP platform introduces the following new integration connectors:
- Cequence is the first API security vendor to introduce integrations with outbound network technologies to enable the discovery of API callouts from customer-owned applications, surfacing the third-party API suppliers that your applications depend on. These integrations also provide the necessary context to understand the security posture of those API callouts, including the identification of any sensitive data they exchange.
- F5 High Speed Logging (HSL): F5 users can integrate with Cequence to discover and protect their APIs exposed behind F5 gateways using F5’s high-volume, low-latency HSL feature without needing to perform additional TLS terminations. This enables quick, low-latency, and secure integrations.
Citrix ADC Content Inspection: Cequence customers can discover and protect their APIs exposed behind Citrix ADC gateways using Citrix content inspection capabilities, with a quick, passive integration using Citrix mirroring technology. - WSO2 API Gateway: Cequence now provides both inline and passive integrations with WSO2 API gateways, allowing customers of WSO2 to easily integrate with Cequence to discover and protect APIs exposed behind such gateways.
- Serverless application integrations: Cequence now integrates with container deployment technologies from leading cloud providers to discover and protect serverless applications deployed on those cloud services. Cequence has introduced native integrations for AWS App Runner, Azure Container Apps, and GCP Cloud Run, enabling organizations to discover and protect APIs exposed within containerized applications deployed on such technologies.
For details about these integrations, visit the Cequence documentation portal at https://helpdesk.cequence.ai.
New Out-of-the-box ML based Classification of Mitigated Threats
Cequence is excited to introduce a unique capability among API security vendors to automatically classify API threats based on the API endpoints where the malicious activity was detected, the sources of the malicious requests, and the malicious behavior patterns observed. This trifecta of detection is unique to Cequence and brings together the combined strength of the platform to provide better visibility and protection to our customers. Another unique highlight of this classification feature is that this includes industry-specific threats, such as CPNI Enumeration and Device Port-in Fraud (for Telecom customers), Inventory Abuse and Shopping Card Abuse (for Retail customers), and Credit Application Fraud and Payment Fraud (for Financial Services customers). This ML-based classification automatically learns and profiles API patterns unique to a particular industry including, but not limited to:
- Account Takeover
- Fake Account Creation
- CPNI Enumeration
- Account Management Abuse
- Inventory Scalping
- Hype Sale Abuse
- Loyalty Rewards Abuse
Detecting and Blocking Automated AI Bot Activity
Cequence introduces new capabilities to automatically identify activity from AI bots without requiring any user configuration. This enables security teams to detect activity from AI apps and use easily created policies to block or rate-limit such activity. Amidst increased news coverage that AI bots from all over the world aggressively scrape web content and often do not honor robots.txt configurations, this feature helps security teams discover the extent of AI bot activity against their publicly exposed content and limit or block it as desired. Cequence continuously updates UAP’s list of global AI bots without requiring any software updates or configurations, ensuring that customer deployments are always up to date with the latest AI bot coverage.
Attack Surface Detection of API Gateways and Infrastructure
Cequence API Spyder is now able to automatically discover API gateways and infrastructure components and highlight potentially shadow API deployments. Using external attack surface discovery which does not require installing any software or networking on customer premises, out-of-the-box API Spyder can now discover the presence of MuleSoft, Apigee, Envoy and a wide variety of API gateways, including those deployed on cloud providers like AWS and Azure. What’s more, Cequence offers customers the ability to author and customize their own detection algorithms to minimize false positives and ensure the highest level of efficacy. This instant visibility and flexibility present security teams with an overall coverage spectrum of their API attack surface across multiple edge, infrastructure, and gateway providers. Cequence is unique in the API Security space to provide such visibility and without requiring any network or software changes. Cequence also automatically surfaces potential shadow API deployments -- API deployments that appear to be in non-sanctioned environments.
Auto detection of Edge, Infrastructure and Application Gateways in API Spyder
Updated current functionality
When you’re discovering your API attack surface, the Cequence UAP platform now crawls domains from within the EMEA/UAE regions, including proxy support, providing truly global coverage.
Beyond new presentation and categorization in the refreshed UI, the 7.3 release of the Cequence UAP platform includes a new ability to search right from the Data Extraction page.
The Cequence UAP platform now ships with the OWASP API Security Top 10 2023 rules as default, leaving the older OWASP API Security Top 10 2019 rules as disabled. You can customize this configuration if required, adding additional categories and rules as needed.
Sneak Preview of Upcoming Features
Here’s a quick sneak preview of upcoming new capabilities in the product in the 2H of 2023:
- New intelligent edge-based traffic processing which will enable you to aggregate Cequence UAP integrations with traffic filtering, sensitive data masking, and rate-limiting closer to the edge and to your applications. This capability significantly reduces the traffic volume that must be sent to the UAP Platform for discovery use-cases and optimizes network bandwidth costs. It also reduces data privacy risks by moving sensitive data detection to your premises (for on-premises deployments) and masks sensitive data in API payloads before sending traffic patterns outside your environment.
- Testing LLM Applications for OWASP LLM Top 10 Risks: Exciting new capabilities for security teams to test their pre-production LLM applications against the OWASP LLM Top 10 risks before releasing them to production.
- New Cequence Flow Graph capabilities that allow security teams to visualize various API flows exercised in their applications, comparing and contrasting flows exercised for good traffic patterns from flows used by malicious or rogue actors for attack use-cases. A security user will be able to analyze details of their API flows and be able to mitigate or block bad flows.
Cequence Unveils New User Community Forum and Enhanced Helpdesk Portal
We are thrilled to announce the launch of our brand-new user community forum, available now at https://helpdesk.cequence.ai/. This exciting update introduces a fresh theme and streamlined navigation, designed to provide an intuitive and user-friendly experience. Our goal is to make it easier than ever for our customers to find the information they need, share insights, and connect with both the Cequence team and fellow users.
Key Features of the New Helpdesk Portal:
- Modern Theme & Streamlined Navigation: Explore a contemporary design with a clear and logical layout, making it easier to find the resources and support you need.
- Enhanced Documentation Access: Our comprehensive documentation library is now more accessible, ensuring you can quickly find guides, FAQs, and troubleshooting tips.
- Improved User Experience: Enjoy a more efficient and enjoyable interaction with our portal, whether you're seeking answers or contributing your own knowledge.
- Community Engagement: Connect with Cequence and your peers to discuss best practices, share experiences, and get advice on optimizing your solutions.
- Cequence Certified Administrator training course: informative video-based training provides working knowledge of the Cequence platform and its administration.
This upgrade is part of our ongoing commitment to enhancing your experience with Cequence. We invite you to explore the new features and join the conversation in our community forum. Your feedback is invaluable as we continue to evolve and improve our platform.