New security tools are required in a new era

A new chapter in the security of our world began on 24 February 2022. And the term "our world" must also include cyberspace, as the Ukraine-Russia war has openly demonstrated our dependence on information systems and the vulnerability of this ecosystem. Although the war news has so far focused on classic armed conflict, more and more is being learned about the activities and tools of individual, state and non-state hacker groups. The Cybersecurity and Infrastructure Security Agency (CISA), for example, is constantly raising awareness of both newly discovered codes attacking industrial systems and well-known yet routinely exploited vulnerabilities. Companies can be prepared for a renewed focus on cyber operations as the battle for physical space subsides, with potentially less emphasis on financial gain and more on destruction.

All this has occurred shortly after COVID led most companies to make a decade-long leap in digital transformation. Much of enterprise IT has moved to the cloud, and solutions that exchange data via APIs have become common. However, the rapid digital transition has by definition been driven by a focus on efficiency rather than cybersecurity. It is no coincidence that Gartner predicts that APIs will be the most attacked interfaces in 2022.

So even in a disrupted global security environment, the predictions of experts suggest that Western companies and critical infrastructure operators could have months to prepare for increased cyberattacks. Of course, years of work cannot be completed in this timeframe, but significant results can be achieved in the short term by adopting Zero Trust planning principles. CISA's recommendation, for example, highlights the importance of network micro-segmentation, increased control of privileged users and detection of signs of unusual behavior, and an overall reduction in the attack surface. In practice, these tasks are challenging enough individually, but meeting the full CISA list is almost an impossible task for most companies, while the likelihood of experiencing a cyber attack is higher than ever.

New types of challenges therefore require new types of solutions. Of course, you can't jump years ahead in product development, but re-tuning, integrating and re-designing existing solutions to a Zero Trust approach can provide a quick and cost-effective way to strengthen your cybersecurity. This is why Balasys has come up with an innovation that can provide an effective solution to current challenges such as API interface management and security support, filtering of traffic from the web with web application firewall (WAF) and micro-segmentation of the network, and filtering of malicious traffic with a behavioral analysis. The solution is available as Proxedo API Lifecycle Platform (PALP).