What We Do

 

API is the “new TCP/IP”: enterprise applications interconnected with APIs are becoming the interface to business-critical data. While API Gateways offer some security features for Public APIs (e.g. API exposed for 3rd party developers), a vast majority of Enterprise Private APIs are still being treated as just payloads of “web traffic”. With adoption of the Cloud and new app architectures such as micro-service mesh, increasing number of Private APIs will be exposed externally as Outer APIs to support clients such as mobile apps or Line of Business web apps. Conventional tools such as WAF or proxy are lacking in providing deep activity and object level observability to API calls traversing through them, let alone the Service Mesh lateral/east-west APIs that are largely unmanaged. This is the reason why Gartner predicts in a report (ID: G00342236) that API abuses will be the major vector leading to data breaches.  

ArecaBay enables InfoSec and DevOps teams to discover, monitor, and secure APIs, especially Private APIs that are Cloud-enabled. Rather than forcing Private API calls through yet another inline gateway (be it on-premises or Cloud), we enhance the existing application infrastructure by super-imposing a Network Engine layer of Micro-Sensors that enables API Observability and Security without any modification to the application code or runtime environment.  

The same Network Engine is used for two products:  

  1. ArecaBay X-Ray for API Observability for DevOps  

  2. Arecabay Force-Field for API Security for InfoSec and SecOps   

 

Why ArecaBay?

 
 
zeroImpact.png
 
 
aboveLayer7.png
 
 
beyondGateway.png
 
 

API Transaction and Object Level Data with

No Code change

No Run-time or Library change

No Host/OS modification

No Agent inside container

Network Deployment with

No Kernel/OS network stack dependency

No Host/VM/infra dependency or impact

No Performance/Availability impact

No Impact on shared infrastructure

 
 

Reduced Time-To-Detect(MTTD) & Time-to-Respond(MTTR)

with Zero-Impact to Uptime

 

+ Why is this unique

  • Deploys anywhere: At the core of ArecaBay is its Network Engine consisting of an array of lightweight software micro-sensors that are easily deployed, without modification to the app or app runtime, as network taps, gateway plug-ins, container sidecars, serverless functions, or message bus consumers.
  • Self Learning: Self-adaptive API learning process ensures the Network Engine continuously learns and targets highly relevant API activities and data.
  • Deep Tracing: The Network Engine monitors all end-to-end API flows at the finest granularity level, providing DevOps object level insights and correlated call traces across the entire transaction, while supporting a Dynamic API Risk Tracker(DART) dashboard for SecOps to take specific, target remediation actions against session/data anomalies.
  • North/South and East/West: Zero impact deployment means universal API mediations.

+ Why should you care

APIs are the "new TCP/IP". Enterprise organizations like yours have seen increasing use of APIs to provide access to applications and to business-critical data. As API usage increases, so are API security risks. Gartner predicts in a report (ID: G00342236) that API abuses will be the major vector leading to data breaches. Furthermore, in a rapidly expanding digital mesh, service-to-service (external or internal) API connections are the foundation of mission critical applications. Monitoring and performance management of end-to-end API transaction, with no impact or restriction to the application, become vitally important.

+ Why other approaches do not work

  • Conventional network security tools (e.g. IDS, IPS, Firewall, WAF, and Layer-3, Layer-4, Layer-7 Segmentation) are limited to front-end north-south access and target mostly URLs of APIs, not the actual payload-level data.

  • Server OS or runtime “self-protection” app-sec tools require changes to codes or app runtime and thus severely limiting their adoption by Dev and DevOps.

  • Log-based tools are not effective, even when enhanced by AI, as logs are rarely real-time and worse, don’t provide sufficient call-level data.

  • Traditional API performance measurement tools are not built to provide granular information at the API object level. Also, most of them are not built for cloud native technologies such as kubernetes and are opaque to mTLS (mutual TLS) encryption between services.

ArecaBay provides a “best of both world's” solution: API object-level app-sec visibility/control using an intelligent Network Engine that is as easy to adopt by DevOps as a network sniffer.

+ How do you map ArecaBay to today's landscape

  • API Sniffer: Think of us as an API Sniffer tool like tcpdump or wireshark for API monitoring and observability.
  • API IDS/IPS: Think of us as an IDS/IPS for APIs.
  • API WAF: Think of us as the next generation of WAF with complete coverage of WAF functions at an API layer.
  • API Next-gen Firewall: Think of us as the next generation firewall that can go deep into APIs and its payloads and also provide full access control features
 

Why API Security, and Why Now? 

 

Gartner predicts that, by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise applications.

API exploitation Data breaches are on the news almost on a daily basis, but conventional tools do not provide a zero-impact solution that addresses such security threats.

ArecaBay customers instantly identify their API security posture, making it simple to remediate and secure.

 
 

Experience a Live 15-Minute Demo

See how ArecaBay can take your application security to the next level in a live, personalized demo with a solution consultant. 

Name *
Name
Phone Number *
Phone Number