London ā Nov 21, 2018 ā Today, at theĀ API Security For Open Banking Summit, 42Crunch, the leading backend API security platform and CriticalBlue, provider of Approov, the leading frontend mobile API security solution, announced that they are now offering enterprise customers with an end-to-end API protection service.
42Crunch and CriticalBlue were both named Cool Vendors by Gartner in 2017.
Misuse and abuse of APIs is a real and growing threat. APIs represent a window into the inner workings of a business, and they represent the easiest target in todayās enterprise architectures for financial gain and data extraction. As Gartner sees it: “By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications” fromĀ https://www.gartner.com/document/3834704Ā (Subscription required).
42Crunch provides an integrated platform where development, security and operations teams can collaborate efficiently towards top-notch API security. The company delivers a distributed, lightweight API firewall as well as tools to evaluate continuously that the APIs are following security best practices when defining, implementing and deploying APIs.
CriticalBlueās Approov providesĀ dynamic software attestation for mobile apps. It allows mobile apps to uniquely authenticate themselves as the genuine, untampered software images that were originally published. Approov does not require a static secret to be stored in the mobile app, is easy to integrate via a drop-in SDK, simple to deploy and has no impact on the end user experience.
Combined together, the two solutions efficiently address critical API security issues for mobile application development: fake apps, bots, stolen tokens and scripting attacks. Approov ensures that the mobile application is authenticated while 42Crunch ensures that the API requests are valid, and attack-free. Furthermore, the 42Crunch protection service ensures that tokens used to authenticate both the apps and the APIs are properly validated according to theĀ standard best practices.
With the rise of the API economy, usage of APIs has skyrocketed, and as a result, it is vital that deployed APIs are both correctly designed and safely used by only the remote software clients they were designed for.
Under the partnership, 42Crunch will release an Approov package with a set of pre-tested policies that Approov customers can use straight away to enforce and validate Approov security tokens.
āThe CriticalBlue/Approov solution adds the āfirst mile securityā for our customers using APIs with Android and iOS mobile apps. The combined solution guarantees the integrity of the data flowing through the APIs at all timesā said Jacques Declas, CEO of 42Crunch.
āThis partnership creates a security continuum from API design right through to deployment and use,ā commented David Stewart, CEO of CriticalBlue. āIt encompasses the need for a full security service across all API access points, including web, while also recognizing the need for particular attention to the mobile channel, which is generally the least well protected part of the eco-system.ā
About 42Crunch
Founded in London, UK, with offices in Dublin, Montpellier, France, and Irvine, California, 42Crunch provides a security platform that automatically generates and enforces risk-based security policies on enterprisesā APIs. The cloud solution addresses the most demanding API security requirements for enterprises around the world. The 42Crunch API Security platform also fosters the collaboration of security, development, and operations teams, and provides a DevSecOps approach to API development. VisitĀ 42crunch.comĀ to learn more. To learn more about API Security visit the community site hosted by 42Crunch atĀ https://APISecurity.io.
About CriticalBlue
CriticalBlue launched Approov to close the gap between the current web-oriented security solutions and the growing need for more trust in the mobile app channel. Approov employs CriticalBlueās mature and proven dynamic runtime technologies to enable a fundamental advance in the digital economy security ecosystem by protecting digital assets from cyber attacks and fraud vectors. This re-establishes the two-way trust needed to truly secure enterprise businesses. For more information, please visitĀ approov.io
