Credit: sdecoret/Shutterstock

A new breed of application program interface (API) management providers are looking to fill the security gaps where traditional vendors fall short.  These API security startups showed up in full force at this month’s API World in California. They are quickly growing in popularity, among both enterprise customers and API technology partnerships.

One such company is little-known Cequence, whose AI-based security solution combats automated (bot) attacks on public-facing applications. These analyse traffic through machine learning in order to establish legitimate from automated threats.  The company recently played a critical role in the discovery of vulnerabilities in Cisco WebEx and Zoom. All had video conferencing platforms in which hackers gained access to meetings that were established without security precautions.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

These kinds of attacks have traditional API management vendors like IBM, Google, and Microsoft nervous. They have been prompted to establish partnerships with API security vendors such as 42Crunch and Ping Identity.  Traditional API management technology is built on gateway solutions which provide access control and management around API activities.  These solutions maintain important governance and policy functionality, however, they are not widely viewed as having best-of-breed API security capabilities.  Developers are inclined to find ways of bypassing API gateways during the app development process in order to obtain the latest innovative app platforms and OSS technologies.  API management providers are quickly realizing they need to up their game in security. Pure-play partnerships provide a quick fix to this new dilemma.

This relatively new lineup of API security startups includes 42Crunch, Cequence, Data Theorem, Shape Security, Signal Sciences, PerimeterX, Imperva, and Salt Security, among others.  They are imposing a disruptive threat to the API management space currently dominated by vendors including Google Apigee, IBM, Microsoft, Salesforce MuleSoft, and Red Hat.

Simplicity through automation

API security offerings simplify security requirements through automation, which is critical to developers tasked with creating APIs for distributed apps. Developers are playing a larger role in the security process, as some security pure-plays provide solutions designed as ‘security-as-code’ With these, the security capabilities are built into applications earlier in the app development process.  This is important because next-generation architectures demand security participation beyond traditional operations. They require security teams to involve app developers and architects who are well equipped to recognize new types of vulnerabilities.  There is also greater interest in segmenting and monitoring the new app architecture. This allows enterprises have a better understanding of not only security vulnerabilities, but also how their infrastructure is being used.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.