Security Of Data in Motion in the Cybersecurity Mesh

The cybersecurity mesh, one of the key trends identified in Gartner’s list of Top Strategic Technology Trends for 2021 will help drive organizational plasticity and resilience over the next 5–10 years. In this brief article, we will explore why it is growing in importance as well as its connection to the cloud-native API “behavior security” approach — API Security Mesh.

The Growth Of The Cybersecurity Mesh

Over the past few years, the traditional security perimeters for organizations’ assets have started shifting. Now, most assets and devices are located outside these boundaries and help promote the extended enterprise. Moreover, these distributed digital assets and users aka the cybersecurity mesh support location-independence and allow any person to access critical digital access, regardless of their location. Such a distributed architectural approach provides scalable, flexible and reliable cybersecurity control, helps centralize policy orchestration, and supports better, real-time trust decisions. For all these reasons, the cybersecurity mesh will support over half of digital access control requests by 2025.

Cloud-Scale “Behavior Security” Approach to Fix Blind Spots In Distributed Cloud-Native Environments

Quite a mouthful heading. Today, the deployment of cloud-native modern applications with data in motion and numerous workloads interacting with each other using APIs, and running on various heterogeneous environments, is a highly complex endeavor. Although such applications are now a key element of most modern organizations’ tech stacks, they also create a number of blind spots and security risks. These include rogue workloads, unsanctioned API interactions, compromised services, malicious downloads, unauthorized access to cloud storage or malicious domains, zero-day and unknown API layer attacks, and PII exfiltration, to name a few. Most of these risks are often not detected until it’s too late (206 days on average, according to IBM), and end up creating numerous operational challenges. One: how to bring a common view of applications and API behavior to improve Dev-Sec-Ops collaboration and speed up innovation. Second: how to ensure the security, resilience, and reliability of distributed applications, specifically how to detect and mitigate vulnerabilities and compliance risks in the absence of the traditional security perimeter. Third: how to intelligently analyze and triage operational issues in highly distributed workload environments to improve productivity and maintain business continuity.

All these challenges indicate the need for a robust security solution with strong built-in API layer observability and detection capabilities. Here, a “behavior security” approach is the ideal choice. This model provides a proactive means to fully secure the organization by monitoring the behaviors and interactions of workloads, and by detecting threats based on suspicious or malicious behavioral patterns. By gathering and correlating information (“signals”) from multiple sources and creating a unified context, the model makes it easy to determine the baselines of “good behaviors” of these applications, and understand if actual behaviors are drifting from these baselines. This helps strengthen real-time risk detection and improves the mitigation of lateral threats, vulnerabilities, and attacks arising from the use of APIs between distributed services.

Cloud-native API Security Mesh with Mesh7

Mesh7 is a comprehensive SaaS platform that continuously secures data in motion for cloud and cloud-native apps, APIs, and microservices. Its highly distributed micro API firewall with gateway gathers information to enable auto-discovery and observability of all API interactions between services, as well as every behavior change due to rapid CI/CD based deployments. It also gathers additional application context by tapping into cloud logs and source processes within various workloads, third party reputation data, and threat intelligence feed.

The solution correlates data intelligently, which delivers a number of crucial benefits for organizations. For one, it creates a large number of application and API behavior graphs to provide a visual representation of critical data such as how workloads are interacting, what APIs and PII they are sending, which third party domains they are talking to, etc. Mesh7 also understands application behaviors and creates baselines that allow it to detect drifts and anomalies that may indicate the presence of zero-day or unknown attacks. In fact, the behavior-based approach of Mesh7 provides the only way to detect zero-day or unknown attacks before they can cause untold damage.

Short clip on API, PII, API Risk View in Mesh API Security Mesh

Whenever necessary, i.e. when a security event (e.g. a DDoS attack) is detected, Mesh7 works in a “preventive security controls” mode, applying adaptive rate control, blocking select traffic, or redacting sensitive information for more effective mitigation.

Finally, Mesh7 can turn data into useful, insightful information to enable deep forensics, drill-down investigations, and root-cause analyses of application breaches and behavioral changes. Based on AI and ML, Mesh7 enables security personnel to triage and troubleshoot issues, and also understand the current health and security posture of their applications.

Mesh7’s API Security Mesh with behavior security approach provides a powerful means with observability to detect and mitigate against intrusions and risks from lateral, egress, and cloud services breaches. Start enforcing your security policies on all your APIs so you can focus on productivity and business continuity. Try Mesh7 free for 30 days.