CIO Influence

Approov Integration and Alliance Partner Program Secures APIs for Unified, End-to-End Protection of Mobile App User Data and Business Logic

Integrations with AWS, Microsoft Azure, Cloudflare, Fortinet, Kong, TIBCO, NGINX, FingerprintJS, hCaptcha, Google reCAPTCHA, Google SafetyNet, Apple DeviceCheck Help Secure Sensitive Data Against the “Achilles heel” of App Security presented by the use of mobile apps

Approov, creators of advanced API threat protection solutions, introduced the Approov Alliance and Integration Program to ensure that the critical elements of comprehensive mobile app API protection are rigorously tested and work together harmoniously and seamlessly to avoid both data leakage and exposure of the app’s core logic.

“API security is critical to protecting the confidentiality, integrity, and availability of your data but today the market is fragmented and customers need products to work together to get the protection they need,” said Alissa Knight, partner of Knight Ink. “The mobile app and client attestation provided by Approov is a crucial element and the new alliance program gives customers assurance that it works seamlessly with other security solutions to protect APIs.”

Mobile apps, by their nature, expose a potential “Achilles heel” in application security. A mobile app and its APIs expose API Keys, business logic, and other data that can be used to successfully attack that API using a script or modified mobile app. The deployment of mobile apps can present a comprehensive “tool kit for hackers” who are targeting APIs. Even with extensive shift-left security initiatives in place, this ability to exploit APIs can never be completely eliminated and they must be shielded at run-time.

Approov’s approach blocks these and other mobile app attack vectors, such as man-in-the-middle attacks. Approov blocks any access to the API from anything other than unmodified, genuine versions of the app, effectively preventing any vulnerabilities in an app or its API from being exploited, protecting both apps under development and apps in production.

The Approov Integration and Alliance Partner program ensures that each component in the application security ecosystem works seamlessly with Approov, in order to make it easy for customers to deploy a comprehensive solution for API security that optimizes user experience while thwarting malicious API access attempts. Approov invites vendors with complementary solutions to sign up to the program.

Approov Technology Integrations:

Approov already has tried and tested integrations with a number of security vendors:

  • Identity and Access Management: Approov works with any products which support standards for authorization, authentication and identity management, such as OAuth2 and OpenID Connect (OIC).
  • WAF and API Management Gateways: Approov integrates easily with any backend environment: QuickStart guides are available for 10 commonly used environments. However, an emerging best practice is to unify security layers by having a single control point where application security policies are enforced. Approov supports this through integrations with backend security platforms including Fortinet’s FortiWeb WAF, which allows Approov mobile attestation to be integrated into FortiWeb security rules. Similarly, Approov’s integration with API Gateways such as Kong, TIBCO/Mashery and NGINX PLUS adds the Approov assurance that APIs can only be accessed by genuine instances of your mobile app.
  • Cloud Services: Integration of Approov with Amazon API Gateway and the Microsoft Azure API Management allows the Approov mobile app and client environment attestation checks to be enforced at the gateway to ensure comprehensive and consistent security for cloud-native APIs.
  • Browser-based API access: It is a best practice to isolate and have dedicated APIs to serve mobile apps in order to optimize performance and lock down access using app attestation and client validation. However, some mobile-first customers also allow browser-based access to the same APIs which service their mobile apps. To provide a single common validation method for mobile apps and browser-based access, Approov integrations include FingerprintJS, hCaptcha and reCAPTCHA. These solutions evaluate whether a browser access is by a human or a bot, and integration with Approov enables a single, common authorization method for both the web and mobile API channels in order to validate legitimate access.

  • Mobile development framework integration: Approov ensures ease of deployment through integration with Android native and iOS native app development frameworks, as well as major cross-platform frameworks such as Flutter, React Native, NativeScript, Ionic, Cordova, and Xamarin.
  • Client integrity: Apple DeviceCheck allows developers to set and track states on (anonymized) iOS devices, and Google SafetyNet evaluates whether an Android device has been rooted or otherwise compromised. Integration of both with Approov ensures that DeviceCheck and SafetyNet validation can be incorporated into the powerful security policy framework which is part of the Approov service. This provides granularity of control, consistency and simplicity of implementation across both platforms and ensures compromised device access can always be blocked without creating false negatives.

“As we have seen in recent high-profile breaches involving Peloton and Experian, threat actors are actively working to dissect mobile apps in order to mount successful attacks on APIs,” said Approov CEO David Stewart. “Approov integrations simplify mobile security for customers by ensuring that the required security capabilities for mobile can seamlessly be integrated with the other essential elements of a security solution, bringing an important new level of security to existing and future mobile applications.”
