In an increasingly digital world, interconnection is often presented as a cybersecurity risk. So how exactly could APIs improve security?
In response to ever-more complex cyberattacks, cybersecurity solutions are springing up on workstations, networks, control centers and elsewhere. Are we sure we are fully exploiting the potential of all these tools, which are often supplied by different producers? Given that fact, how can you deliver optimum security levels? The answer may lie in the creation of interactions via an application programming interface (API). Here is how interconnection can improve security.
Getting the best out of complementary solutions
Imagine a scenario in which, following an exchange of information between a firewall and the SIEM display console, a machine affected by malicious activity is automatically quarantined without human intervention. That’s the promise of the API, which – when used for cybersecurity purposes – can create a dialogue between fault detection solutions and other tools which are able to implement appropriate countermeasures.
A closer look at the Python API - Stormshield
The Python - Stormshield API enables third-party products and programs to connect directly to Stormshield Network Security (SNS) firewalls to issue commands without resorting to traditional graphical administration interfaces. “It’s a real building block for future intelligent systems,” explains Yvan Vanhullebus, Technical Leader at Stormshield.
Another example using Stormshield Data Security (SDS): when driven by the SDS Connector API, this program can automatically encrypt files reported as sensitive by a third-party program specialising in data loss prevention (DLP).
Automating and integrating security from the deployment stage
In addition to ensuring that alerts are handled by the most appropriate security systems, APIs can also be very useful for orchestration purposes. During the deployment of a virtual machine or new application, an orchestration tool such as Ansible can use the API to automatically install not only the basic configuration for the firewall, but also a specific configuration based on pre-defined options. Security rules are set automatically as a result.
“In a system that uses APIs, the risk of configuration errors, a frequent source of vulnerabilities in digital infrastructures, is considerably reduced. These APIs automatically integrate security into the Infrastructure-as-a-Software model”, says Julien Paffumi, Product Manager, Stormshield. “That also allows teams to concentrate on the value they add to the processes, rather than constantly repeating similar admin tasks”.
What are the downsides of an API?
Despite the promises offered by APIs, the investment inherent in such a deployment must not be underestimated. “This sort of interconnection project can be complex, costly and time-consuming to implement, as it may require considerable levels of service provision and technical support”, warns Jocelyn Krystlik, Data Security Business Unit Manager, Stormshield. “Not to mention staff training time, for example for developers.” Substantial upstream preparation is thus required in order to make best use of human resources in this area. At the same time, Yvan Vanhullebus points out that for publishers, “we need to bear in mind the fact that developers and products from different cultures must be able to interface successfully with one another. No one excels at everything, so we need to think in terms of standardisation and documentation, and have a real understanding of this ecosystem.”
In addition, the cybersecurity-by-design aspect is critically important here. Since this issue has a direct bearing on how security solutions operate, there is a need to ensure the confidentiality and integrity of the data they exchange. This makes the security of the APIs themselves a major issue.
If security rules are adhered to during the design phase, APIs will then be able to improve the overall efficiency of cybersecurity solutions. By means of privileged information sharing, APIs facilitate the deployment of security solutions, improve security system performance and minimise everyday human errors. And the benefits of such open, automated solutions can be fully appreciated when emergencies arise.