Imperva's CloudVector Buy Highlights API Trend


By: Mary Jander

Imperva, the data protection company founded by Shlomo Kramer (co-founder of Check Point Software Technologies and Cato Networks), has announced its intent to buy CloudVector, a three-year-old startup based in San Ramon, Calif., that specializes in protecting application programming interface (API) traffic in cloud networks.

The move adds to Imperva’s arsenal of data protection solutions, which includes web application firewall (WAF), distributed denial of service (DDoS) mitigation, and database security. It also spotlights an area of intense activity in cybersecurity — namely, protection for the APIs that comprise the majority of cloud traffic. While Imperva has products in this area, it intends to strengthen its solutions with CloudVector.

Imperva's move show the seriousness with which companies are examining API security. Indeed, APIs are so prevalent in the shift to multi-cloud networking that they are acknowledged as a chief attack vector by security experts.

API Security Is on the Rise

There are many aspects to API protection. There are API gateways, which incorporate security alongside comprehensive management of APIs and microservices. This segment is illustrated by Kong, the late-stage startup that scored $100 million in Series D funding in February 2021. Kong faces rival solutions from all the major cloud providers, who also offer API gateways with integral security. Examples include Amazon’s API Gateway, Google’s Apigee X, Microsoft’s Azure API Management, and Salesforce’s MuleSoft.

There also is a growing number of smaller firms focused specifically on API security. Many of these have adapted or extended existing security technologies to encompass the API environment -- which is where CloudVector comes in.

CloudVector Guards APIs

CloudVector was founded in 2018 by a group of security experts including Lebin Cheng, a co-founder of Netskope, a Futuriom 40 company that features an automated platform modeled on cloud access security broker (CASB) technology.

Cheng has said the idea behind CloudVector was to protect the “dense fabric” of APIs proliferating on the web and in enterprise networks. He thinks these APIs are growing and shifting too fast, particularly in cloud environments where microservices are increasingly deployed. The problem, he says, is to protect these advantageous business assets from being invaded by malfactors looking for sensitive data.

CloudVector claims to move beyond traditional methods of protecting APIs via their gateways to an approach in which the system discovers the API coding, including so-called shadow APIs that are typically hidden from view; uses machine learning to monitor API traffic for abnormal activity; and shields APIs from hackers.

Troops of API Protectors

CloudVector isn’t alone. API security has become a hot target in the cloud security market, with numerous methodologies and products surfacing to protect APIs. Among some of the many notable players are the following:

Akana. A subsidiary of Perforce, which makes software to manage the development cycle, Akana offers perimeter-securing software for authentication, authorization, privacy, and non-repudiation in the use of APIs by developers. Akana was purchased by Minneapolis-based Perforce in 2019.

Cequence Security. Founded in 2015 in Sunnyvale, Calif., by ex-Symantec experts, Cequence just announced the second release of API Sentinel, which is one of the products in its lineup designed to protect APIs. Others include an Application Security Platform that is offered as software or SaaS.

Nevatech. Based in Atlanta, Ga., and founded in 2011, Nevatech claims an impressive roster of customers for its Sentinet API protection product, including Brinks, Chubb, Reserve Bank of New Zealand, and Saab. Its Sentinet incorporates an API Repository and API Gateway to discover and manage API traffic and avoid hackers.

Wallarm. Founded in 2013 and based in San Francisco, Wallarm offers a series of cloud-native solutions and services aimed at tracking all APIs in a range of premises and cloud environments and allows managers to discover incidents and prioritize response. Wallarm claims over 200 enterprise customers and over 80 integrations with DevSecOps products and platforms, including Kong.

Consolidation on the Way

With so many startups on the go and a sense of urgency mounting about API protection, it’s likely that Imperva’s purchase of CloudVector will be one of many industry mergers and buyouts.

Terms of Imperva’s purchase of CloudVector were undisclosed, but the transaction should be completed this month.