This analyst report, prepared by Dr. Edward Amoroso, CEO of TAG Infosphere, Inc., offers a review of the recently announced partnership between cybersecurity vendor 42Crunch and Microsoft.
The recently announced partnership between 42Crunch and Microsoft, integrating 42Crunch’s API security solutions [1] with Microsoft Defender for Cloud [2], marks a significant advancement in the field of API security [3]. This collaboration aims to provide a comprehensive solution for the entire API lifecycle, addressing the increasing centrality of APIs in cloud applications and the growing challenge of securing them.
Overview of Platforms
42Crunch’s API DevSecOps platform focuses on API security audit and vulnerability testing. The integration with Microsoft Defender for Cloud will enable Microsoft customers to benefit from continuous API protection from the design phase to runtime. APIs, while fundamental to data exchange in cloud applications, are inherently vulnerable and traditionally underserved by general application security solutions. The partnership addresses this gap by empowering developers to identify and rectify API vulnerabilities early in the development process, while also providing security teams with centralized governance across their API landscape.
Microsoft Defender for APIs, a component of Microsoft Defender for Cloud, is a cloud-native application protection platform. It enhances organizational security postures and allows for the rapid detection of active real-time threats. The collaboration with 42Crunch enables development teams to adopt a “shift left” approach, addressing security vulnerabilities earlier in the development lifecycle.
By merging insights from both 42Crunch and Defender for Cloud, security teams gain extensive visibility and governance over API-related risks from design to runtime. This integration also benefits operations teams, who can use Defender for Cloud’s native workflow capabilities to expedite remediation efforts.
Analysis and Commentary
TAG’s ongoing review and analysis of enterprise cybersecurity deployment and support has identified the ineffectiveness of using general-purpose application security solutions alone for protecting web APIs. This practice is both clumsy and expensive for practitioners [4].
Each new API introduces unique attack vectors, necessitating a continuous, lifecycle-oriented approach to API security. This approach includes designing security into APIs, conducting API security testing, and creating and applying reusable API security policies.
Jacques Declas, CEO of 42Crunch, emphasized the significance of the partnership in validating a shared vision of providing a robust DevSecOps solution to safeguard digital assets against a widening range of attacks [5]. The partnership allows customers to establish, implement, and enforce API security compliance and governance on a large scale. Vlad Korsunsky, Vice President of Cloud and Enterprise Security at Microsoft, reiterated the enhancement of Microsoft’s CNAPP solution, Defender for Cloud, through the partnership [6].
This enhancement offers comprehensive API security coverage throughout the entire API development lifecycle, thereby bridging the security gap from development to runtime and enabling security teams to govern their API ecosystem effectively throughout the development process.
This integration is currently available in public preview for customers of Microsoft Defender for Cloud using GitHub, with future support planned for Azure DevOps. Customers can also purchase 42Crunch through the Microsoft Commercial Marketplace, expanding the accessibility of this integrated solution.
From a TAG analysis perspective, we view the partnership between 42Crunch and Microsoft as representing a welcome development in API security, addressing critical vulnerabilities and governance challenges in the increasingly API-centric world of cloud applications. This collaboration sets a precedent for future integrations in cybersecurity, demonstrating the importance of a holistic, lifecycle-oriented approach to securing digital assets and infrastructures.
TAG is a trusted next-generation research and advisory company that utilizes an AI-powered SaaS platform to provide on-demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity, artificial intelligence, and climate science.
Copyright © 2024 TAG Infosphere, Inc. This report may not be reproduced, distributed, or shared without TAG Infosphere’s written permission. The material in this report is comprised of the opinions of the TAG Infosphere analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report are disclaimed herein.
[1] Cybersecurity vendor 42Crunch has a feature-rich website at https://42crunch.com/ which describes its commercial suite of API security solutions.
[2] Microsoft’s Defender for Cloud combines cloud security posture management and other cloud security functions into a powerful portfolio of solutions for Azure customers. See https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-cloud.
[3] See https://42crunch.com/42crunch-and-microsofts-defender-for-cloud-partner-to-deliver-end-to-end-api-security/ for a description of the partnership between the two companies.
[4] TAG works with hundreds of enterprise security teams through its AI-powered SaaS offering called Research as a Service (RaaS) that provides on-demand research, guidance, and insights on issues related to cybersecurity, artificial intelligence, and sustainability for practitioners.
[5] See the public article located at https://www.devopsdigest.com/42crunch-integrates-with-microsoft-defender-for-cloud.
[6] The executive explains the company’s vision for Cloud and Enterprise Security here: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/announcing-new-cnapp-capabilities-in-defender-for-cloud/ba-p/3981941.