Recently, Gartner, the world's authoritative IT research and consulting company, released the report "Market Guide for API Management, China" and "Tool: Vendor Identification for API Solutions in China" ).
With its strong technical strength and market performance in the API field in recent years, Ruisu Information has once again been recognized by international authorities and was selected as a representative vendor in the API field in China by Gartner; Ruisu API security management and control platform was included as a recommended product in the field of API security in China.
API security platform
At present, thanks to the rapid development of China's digital economy and the deepening of the Internetization process of enterprises, APIs are being widely used in various industries such as finance, social media, transportation, and e-commerce. However, as the number and complexity of APIs continue to increase, the current enterprise demand for API management solutions is also rising rapidly. Gartner predicts that by 2027, more than 50% of enterprises in China will use API management platforms to improve business integration, a significant increase from less than 20% in 2023.
As one of the earliest manufacturers in China to focus on API security, the Ruisu API security management and control platform (API Bot Defender) launched by Ruisu Information includes modules such as API asset management, attack protection, sensitive data control, and access behavior control. It is in line with the APIs that Gartner focuses on. Key security components: API discovery and classification, API threat protection, API status management, and API access control respond to each other, providing a complete security management and control solution for API interfaces to solve various security risks and challenges faced by APIs.
**API asset management module:** Automatically discover API interfaces based on big data modeling, automatically classify and group API interfaces, and assign responsible persons to achieve decentralized data management. Automatically extract API interface styles, provide visual details of API interfaces, and help customers achieve life cycle management of API assets.
**API attack protection module:** Based on the intelligent threat detection engine, it continuously monitors and analyzes traffic behavior, uses multiple threat models obtained by machine learning to identify abnormal attacks, and uses semantic analysis and traffic learning technology to accurately and quickly identify various types of attacks. Type attacks, including OWASP API Security Top 10 security attack detection, API security parameter compliance detection, and API interface calling sequence detection.
**API sensitive data management and control module:** Built-in sensitive information detection engine, covering 18 types of sensitive data such as name, mobile phone number, ID card, bank card, password, etc., automatically grading sensitive information, and providing real-time insight into the two-way API interface Sensitive data, plain text passwords and weak passwords are transmitted, and sensitive information in API interface return messages is desensitized in a timely manner to avoid the risk of data leakage.
**API abnormal behavior monitoring module:** Based on multi-dimensional real-time monitoring of the access behavior of API interfaces, including access success rate, time consumption, transaction processing per second (TPS), number of concurrency and other dimensions, establish API access baseline, timely Discover abnormal access behaviors that deviate from the baseline, and promptly discover unknown APIs and zombie APIs. The built-in API business threat model provides insights into common business threats to APIs, such as credential stuffing, crawlers, etc.
**API access control module:**Built-in flexible API access control policy, which can be based on API interface, source Internet protocol address (IP), access frequency, client fingerprint, API token, customer agent (UserAgent), and hypertext transmission Protocol (HTTP) request characteristics and other hundreds of basic elements and user interaction behavior characteristics, implement refined access control for API interfaces, and support multi-dimensional frequency limiting, interception, delay, etc.
In August 2023, Ruishu Information officially released the "2023 API Security Trend Report", which conducts in-depth analysis from multiple aspects such as API threat situation, attack methods, API security development trends, etc., analyzes typical API attack cases, and combines API trends to provide Enterprises should provide protection suggestions and reference guides for API security protection.
API execution protection on WAAP will become increasingly important
In addition, Gartner pointed out in the report that the scope of API security is constantly expanding. Currently, there are two main types of products in the Chinese API market: API security platform and WAAP (Web Application and API Protection). With the massive use of APIs, in API operation protection on WAAP will become increasingly important. At the same time, the growing popularity of cloud-native applications continues to drive increased API usage.
As one of the first domestic professional manufacturers with "cloud native API security capabilities + WAAP capabilities" certification, Ruisu Information has been listed as a representative vendor in the cloud security field in Gartner's "China ICT Technology Maturity Cycle Report" for 2021, 2022 and 2023. Representative vendor of the "2022 China Cloud Security Resource Pool Innovation Insights" report, representative vendor of the "Hype Cycle for Security in China, 2022" report cloud security resource pool; and in August 2023, jointly with the China Academy of Information and Communications Technology's Cloud Computing and Big Data Research Institute Writing and publishing the "Cloud WAAP Development Insight Report (2023)" demonstrates the strong strength of Ruisu Information in comprehensive fields such as API, WAAP, and cloud security.
In the future, Ruisu Information will continue to innovate technology, upgrade products and services, improve user API security capabilities, and help enterprises build a more comprehensive and robust security ecosystem in the digital trend.