The concept of “shift left” in the realm of API security sought to bring security into the development phase at an earlier stage. However, the market for API Security has traditionally overlooked the consumer of the API, failing to provide mechanisms for managing, monitoring, and controlling the data in motion, as noted by Yakubov.
In response to this oversight, Vorlon’s platform aims to address security from the consumption side. By employing tools to take inventory of an organization’s existing third-party integrations, scan the APIs used, and visualize the exposure and risks associated with these integrations, Vorlon seeks to enhance API security.
Since November 2023, Vorlon has witnessed over 50 million API calls and has assisted its early customers in tackling critical issues such as over-permissive connections, abuse of API secrets, exposed multi-use secrets, malicious IP access, and abnormal activities from third-party applications.
Avishai Avivi, an early Vorlon user and chief information security officer at SafeBreach, attested to the platform’s effectiveness. Avivi stressed the importance of Vorlon’s ability to provide telemetry and threat intelligence around API usage, particularly in relation to third-party vendors, which are often a “black box” to organizations. The platform’s ability to uncover the extent of the attack surface generated by third-party vendors connecting to data, both directly and indirectly, was a game-changer for Avivi and his team.
One of the key capabilities of Vorlon is its use of proprietary machine learning engines to process and analyze a large volume of API data in “near real time.” This enables the platform to identify anomalous activity specific to a customer’s instance of an observed third-party app through behavioral analysis.
Yakubov emphasized that Vorlon’s machine learning-driven behavioral analysis allows the platform to discern what might be normal for one organization but abnormal for another, highlighting the nuanced nature of anomaly detection in the API security landscape.