42Crunch Named a 2017 Gartner Cool Vendor in Monitoring and Management of Threats to Applications and Data

42 CRUNCH IS THE ONLY ENTERPRISE GRADE, FULLY FLEDGED END-TO-END API SECURITY PLATFORM.

APIs are the nervous system of the digital enterprise. Enterprises are marching full steam ahead, building new agile applications based on APIs to increase reach and foster innovation, and connecting with their customers, employees, partners, and developers. These applications are built on orchestrations of existing internal APIs, partners APIs, and public (SaaS) APIs.

While every company is pursuing the gold rush and deploys new applications at speed, the security requirements are often overlooked or added as an afterthought. At best, security is limited to TLS, authentication and authorization, but this is not enough to fully address the API security spectrum.

80% OF API-BASED APPLICATIONS RELEASED TODAY ARE NOT SECURE!

Companies implementing API security typically face numerous issues:

null

Security policies are API-specific and therefore not reusable.

null

API security is often handled by developers, with no visibility to or control from the security teams.

null

Enforcing API security is poorly compatible with a DevOps approach. It does not scale and slows down application delivery.

null

Customers are left on their own to try to implement hundreds of pages of RFCs and security best practices.

null

The set of operating systems and frameworks to secure and manage increases as new microservices architectures are added.

Our Design Manifesto

API Security setup is declared, not manual

Our domain knowledge and standards are available as pre-defined policies

Security teams are in control

Security is adapted to the risk involved

Security Infrastructure is delivered as code

Communication platform across all roles involved

Secured by design - Trust no-one

WHAT CAN 42CRUNCH DO FOR YOUR ENTERPRISE?

Our platform allows your enterprise to quickly deliver apps built on top of secured APIs.

null

Guardian

The first API-native application firewall uses a positive security model for agile API attacks protection. Guardian can validate XML and JSON payloads, validate access tokens, find attacks in encrypted payloads, or detect OAuth attacks. Guardian also enforces OAuth and OpenID Connect configuration and runtime best practices. You can deploy one guardian per API or protect hundreds of APIs with a single Guardian cluster. It’s your choice.
null

APIPub

APIPub acts as the central collaboration venue for all roles involved in API security: API product managers, security architects, developers, and operation teams. It acts as a single source of truth for APIs, their security policies, and the infrastructure they are deployed on. Furthermore, everything you can do in the APIHub web application you can also automate by using our REST APIs or our CLI.
null

Insights

Your business is real-time and needs accurate and timely information in all aspects of its operations. With Insights, your operations teams, security teams, and business teams can access up-to-date information on the security and stability of your infrastructure. In addition, the teams are alerted in real-time when specific business or technical conditions occur.
null

Vault

Store all of your security credentials from Docker registries secret to TLS certificates and JWKs in a fully encrypted space.

You can deploy and scale Guardian on any Docker orchestrator such as Kubernetes, Docker™ Swarm or Redhat OpenShift(®). Our platform is fully compatible with existing API management solutions or API gateways. You can also deploy Guardian directly in front of application servers.

OUR ENTERPRISE API SECURITY BLUEPRINT

null

Holistic approach to API security: Confidentiality, Integrity, Availability, Authentication, Access Control, Non-repudiation

null

Risk-based management of API security

null

Security is fully part of DevOps initiatives

null

Distributed enforcement model, compatible with microservices architectures

null

Reusable, proven and standard-compliant API security policies

null

Collaboration across all API security actors: API product manager, security architects, developers, operators

BROUGHT TO YOU BY A TEAM OF WORLDWIDE SECURITY EXPERTS

Our technical team has a long history in corporate security, integration and APIs. They have been designing, developing and deploying best of breed Web application firewalls, IAM and Web SSO solutions, XML/SOA gateways as well as API Management solutions for the last 15 years. Together, they bring a wealth of expertise to the 42Crunch platform.

BE THE FIRST TO TEST OUR PLATFORM