API management for zero trust endpoint protection

Andy James, associate partner at Cluster Reply, and Gordan Milinkovic, partner at Spike Reply, spoke to Information Age about the importance of API management for zero trust endpoint protection

Over the past few years, the network perimeters of organisations big and small have evolved, with staff going about work beyond the traditional company-issued laptops and desktops. Personal laptops and other devices including tablets and mobile phones are now commonly utilised for internal communications and remote operations.

This trend, driven in part by the pandemic, has meant that cyber security practices must evolve, as threat actors regularly target endpoints with increasingly sophisticated techniques capable of catching any security team out. And with application programming interfaces (APIs) now the go-to method for transferring data between systems, adequate endpoint security calls for a strong API management strategy underpinned by a zero trust approach.

To help their partners succeed in keeping their endpoints and network secure, Cluster Reply and Spike Reply have been using their expertise in cloud computing and cyber security to establish personalised strategies in line with industry, network and customer needs. Cluster Reply offers bespoke services using Microsoft Azure, while Spike Reply is Reply’s cyber security and data protection subsidiary.

Protecting endpoints with API management

APIs facilitate access to specific data used for specific functions. This is a key aspect of the technology that lends itself well towards establishing a zero trust environment — one that lives by the motto ‘never trust, always verify’.

“We came from a world in which a perimeter was the way to protect your assets. Then we started creating third party landing zones that had to evolve, and now we live in a world with no borders,” said Gordan Milinkovic, partner at Spike Reply.

“Stakeholders need to take into consideration all of the traffic that moves around, and having an understanding of the expected modus operandi is key. This is where zero trust comes into play.”

Any unusual behaviour in the network can be detected using cloud monitoring tools, which Spike helps its clients get the best out of, while Cluster helps ensure smooth digital transformations in the cloud. But having a zero trust system in place goes one step further by ensuring that all users verify their identities in line with who needs to access the particular data — reducing strain on security teams.

“The number one thing for us as an integrator is that we’re able to not only look externally at integration with API management, but also use the capabilities internally as well,” Cluster Reply associate partner Andy James added.

The benefits of Azure API Management

API management is an integral aspect of the Azure environment. Offering a scalable, multi-cloud platform for API security and analysis, this particular market offering goes beyond merely being a gateway for data.

“You have the gateway, which is exactly what you want it to be, but also you’re not limited to this great world of Microsoft and its protocols,” explained James.

“When we go on to containerisation, we can self-host the gateway and container, but the important bit of API management that everybody forgets is the insights; the analytics you’re pulling out to see who is using your API.

“It serves like a Lego brick that integrates into Azure services, and can be built upon.”

The ease of integration brought by Azure API Management, combined with the specialised expertise of Reply, is a key value driver for Reply customers, bringing clear network visibility and speed of insight delivery.
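As an added illustration of what ‘never trust, always verify’ looks like at the gateway the article describes, the following Azure API Management inbound policy rejects any call whose bearer token is missing, unsigned, expired, or lacks the expected audience and role claim, and throttles each caller by token subject. This is example configuration written for this page, not code from the article or from Reply; the tenant id, audience and role name are placeholders.

```xml
<policies>
  <inbound>
    <base />
    <!-- Zero trust: every request proves its identity with a valid token, regardless of where it comes from -->
    <validate-jwt header-name="Authorization" require-scheme="Bearer"
                  failed-validation-httpcode="401" failed-validation-error-message="Unauthorized"
                  require-expiration-time="true" require-signed-tokens="true" clock-skew="60">
      <!-- Placeholder tenant: issuer and signing keys are fetched from this OpenID Connect metadata -->
      <openid-config url="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0/.well-known/openid-configuration" />
      <audiences>
        <!-- Placeholder audience: tokens minted for another API are rejected -->
        <audience>api://orders-api-placeholder</audience>
      </audiences>
      <!-- Least privilege: the token must carry a role that is allowed to read this data (placeholder role name) -->
      <required-claims>
        <claim name="roles" match="any">
          <value>Orders.Read</value>
        </claim>
      </required-claims>
    </validate-jwt>
    <!-- Per-identity throttling keyed on the token subject, so one misused credential cannot drain the backend -->
    <rate-limit-by-key calls="100" renewal-period="60"
                       counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

Requests that fail validation never reach the backend, and the gateway’s built-in analytics then show which subjects are calling which operations, which is the ‘who is using your API’ insight James refers to.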

EDR vs XDR

When it comes to keeping the network protected, it’s a good idea to look beyond just the security of endpoints, ensuring that data in transit is as secure as at rest. Unlike endpoint detection and response (EDR), which focuses on protection of workloads on devices, extended detection and response (XDR) refers to a SaaS-based system that holistically caters for the whole infrastructure.

“I see EDR as a continuous effort to bring antivirus software to the endpoint, with extended functionality for a wider variety of threats such as malware,” said Milinkovic.

“XDR meanwhile was really an attempt to bridge the gap that was evident when an incident would occur. From there, analysts from operations units can piece together what actually happened, and act accordingly.

“With XDR, data isn’t in five to 10 different silos. All data sources in the network are joined up. This helps achieve a general enrichment of external data sources, and an ability to present these in a way that makes the breach timeline easier to work out.”

This approach is also complemented by AI capabilities, which have continued evolving over time, delivering faster insights and reducing strain on security staff.

Choosing the right integrator partner

As a group of collaborating integrators including Cluster and Spike, Reply is able to take expertise from across the business and apply multi-faceted guidance on cloud adoption and cyber security to each specific client project.

“We try to instil this ‘landing zone’ approach, which means we can look at all aspects of what we’re going to do from an established base, and everything around zero trust security is included in that,” said James.

“This way, we can tweak things early on so that we don’t need to fight any uphill battles later on.”

From Spike’s standpoint, Milinkovic added: “Meeting customers wherever they find themselves on the journey allows us to assess maturity when it comes to their security posture.

“Once that’s done, we would benchmark this, and from here determine where we want to get to, in what time frame. We can then deliver expertise from our specialist areas. If you’re not measuring, you’re not managing.”

This article was written as part of a content campaign with Reply.
