Vorlon is making waves in the security scene with its API security tool, which scrutinizes both in-house and third-party APIs used by organizations to pinpoint anomalies and malicious connections. This SaaS-based startup has recently introduced a new offering, emphasizing API visibility and addressing potential attack surfaces, taking a unique "shift-right" approach that it claims sets it apart from traditional solutions. The SaaS offering, initially in beta from August 2023, is now available for purchase on subscription.
Alex Yakubov, Vorlon's Head of Marketing, explains that Vorlon's vision expands the scope of API security to include the enterprise-as-consumer angle. The goal is to empower organizations to proactively manage third-party APIs, keeping a close eye on data in motion, distinguishing between legitimate and illegitimate traffic, and swiftly resolving issues as they arise – not waiting for months until a leak becomes public knowledge.
Vorlon, primarily a cloud application security startup, kickstarts its offerings with API security, available through an annual subscription with access tiers based on the number of observed third-party applications, data storage, and retention needs.
The essence of Vorlon's API security lies in enhancing visibility into an organization's third-party dependencies and associated APIs while in operation. This marks a departure from the traditional "shift left" approach, which focuses on API security during development and integrations. According to Yakubov, historical API security tools have concentrated on ensuring the safety of published APIs, overlooking the fact that organizations consume far more third-party APIs than they publish.
The "shift left" concept aimed to incorporate security earlier in the development phase. But because each API is complex and nuanced, API security has historically neglected the consumer side and lacked the means to manage, monitor, and control data in motion, Yakubov adds. In addressing this gap, Vorlon's platform employs tools to inventory existing third-party integrations, scan the APIs used, analyze transmitted data, and visualize associated exposure and risks.
Since November 2023, Vorlon claims to have scrutinized over 50 million API calls, assisting early customers in resolving critical issues such as over-permissive connections, misuse of API secrets, exposed multi-use secrets, malicious IP access, and abnormal activities from third-party applications. Avishai Avivi, an early Vorlon user and Chief Information Security Officer at SafeBreach, commends Vorlon for providing insights into not just the APIs in use but also the systems they connect to and the data enabled on top of these APIs.
Vorlon uses proprietary machine learning engines to process large amounts of API data in near real time. Behavioral analysis built on machine learning helps Vorlon identify anomalous activity specific to a customer's observed third-party application, recognizing that what may be normal for one organization may not be so for another. Vorlon also automates API analysis by cross-referencing existing threat intelligence to identify known malicious API communications. Machine learning also enables the delivery of custom remediation instructions tailored to the applications involved.
Eric Richard, Chief Information Security Officer at HubSpot, emphasizes the critical role Vorlon plays in addressing the lack of visibility into third-party APIs, which he considers a vulnerability. He sees Vorlon's tool as a means to bring these APIs "out of the shadows" and apply the same level of security controls seen in other domains.
Vorlon is actively expanding its catalog of observable applications, working on providing tailored remediation insights and capabilities.
