Vulnerability management

Trend 9: A paradigm shift to microservices-based architecture and API security

In an era of Agile work and faster GTM, microservices-based architecture is a game changer. Granular components' bigger attack surface makes them prime targets for hacktivists, as shown by recent attacks on industry giants like Facebook and Twitter. Insecure APIs create a ripple effect, allowing attackers to exploit vulnerabilities and gain access throughout the supply chain. While traditional solutions like Burp suite, SOAP UI, and Postman did the trick, niche solutions from vendors such as App Sentinel, NoName, Salt, and Cequence provide end-to-end protection of business-critical APIs.

Securing APIs throughout the development process is now a CXO priority. This involves finding important APIs, assessing their business risks, uncovering vulnerabilities, and regular risk monitoring.

Organizations need tools and processes to detect and fix weaknesses in APIs; continuously assess API security controls to meet compliance requirements and enforce configurations to harden systems; control and mitigate risks during change, whether routine code, application, or modernization to the cloud.

A European company adopted an agile application development approach and incorporated security testing tools in its CI/ CD pipeline. However, it lacked API security assessments. Infosys helped it set up an automated API security assessment process to precede code deployment to production. The firm conducted security assessments for all APIs in the same sprint they were developed.

Vulnerability management

Trend 10: Safeguarding supply chains against cyber threats

Supply chain security protects the interconnected network of vendors, suppliers, partners, and third-party service providers that contribute to an organization's products or services. Supply chain security is on the rise due to growing cyberattacks that exploit vulnerabilities in the supply chain to gain unauthorized access to organizations' systems and data. Many industries require organizations to follow specific regulations for supply chain security. Compliance with these regulations is crucial not just to avoid penalties but also enhance security practices.

Modern businesses rely on a complex ecosystem of suppliers, partners, and vendors to deliver goods and services. Each entity in this network potentially introduces vulnerabilities that cybercriminals can exploit to target the ultimate target organization. A third-party breach can cascade into security risks for the organizations they serve. Attackers often target weaker links in the supply chain as entry points to more valuable targets, underscoring the need to assess all entities' cybersecurity.

Supply chain security involves evaluating the security practices of vendors and partners before engaging with them. Continuous monitoring of security measures ensures ample security throughout the partnership. Organizations must validate software and hardware integrity to prevent such risks and stay informed about third-party components and their software bill of material (SBOM) for continuous scanning and vulnerability mitigation.

Zero trust, vendor assessments, continuous vulnerability scanning, threat intelligence sharing, and robust incident response plans are essential vulnerability management components to safeguard the supply chain.

A US semiconductor company aimed to standardize supply chain security procedures across its enterprise and establish a software bill of material (SBOM). Infosys helped the firm set up a security tool that identifies SBOM vulnerabilities and establishes effective vulnerability management processes.