Secure by Design: Forum Systems Delivers API Security Management Solutions Built on a Highly Optimized Architecture

TL; DR: Forum Systems is a worldwide provider of API security management with more than 15 years of experience delivering mission-critical solutions. The company’s flagship product, the Forum Sentry API Security Gateway, offers a no-code solution for building and connecting to mobile, cloud, and IoT APIs with an emphasis on security by design. With a future focus on leveraging artificial technology and machine learning to safeguard technology, Forum Systems is building on its reputation as a leader in API security.

Application programming interfaces (APIs) — or sets of instructions that allow apps to interact with one another — are popular because they reduce coding time, serve as a consistent baseline for many apps, and help spur innovation.

But, as with many things in life, they have a downside: More and more, we see APIs targeted as some of the most vulnerable points of modern infrastructure. In August 2017, for example, reporters revealed that hackers had exploited an unauthenticated API on the Panera Bread website to leak the personal data of 37 million customers.

The problem, according to Jason Macy, CTO of Forum Systems, is that lightweight API gateways and software-based identity enforcement points aren’t purpose-built to protect API endpoints or the technology serving integration points.

Jason said that’s like propping your house up on stilts instead of addressing its foundational problems.

“Our product technology was designed from the ground up to be secure,” he said. “We’re not offering cobbled-together integration toolkits, agents, or adapters, and that’s a huge differentiator for us, especially among security-conscious customers.”

The company’s API security management solutions include its flagship product, the Forum Sentry API Security Gateway. This solution enables enterprises to manage sophisticated API strategies in an efficient, agile, and highly secure way, whether on-premise, in the cloud, or through a hybrid approach. “Our off-the-shelf API security gateway technology creates code-free APIs, enabling secure access to complex enterprise applications,” Jason said.

In the future, Jason told us Forum Systems is looking forward to leveraging the power of advanced artificial technology and machine learning to safeguard API technology — furthering its reputation as a leader in security.

The Boston-based company was founded in May 2001 to help organizations secure their data through cutting-edge cybersecurity innovations. In the 18 years since, Jason said the company has identified significant shifts in the security management space.

For example, Forum Systems has adapted to increasing demand for API architecture of a dynamic nature, rather than the traditional monolithic model. “Our challenge is staying in front of everything with a diverse set of capabilities within our technologies to support a wide variety of environments and formats,” he said.

Jason said it’s often tricky to integrate legacy systems within these new, API-based communication models — and therefore, many companies focus on integration and enablement, rather than security. With Forum Sentry, however, security comes first in the form of deep content inspection beyond the packet layer. “Our focus is on securing data that’s traversing across various borders, boundaries, and insecure regions,” Jason said.

Forum Sentry, which performs at the intersection of identity, security, and integration and can be deployed virtually, as hardware, or as software, was recently recognized by KuppingerCole Analysts as the only API management provider with a primary focus on security.

The group also named Forum Sentry as an overall leader in both product and leadership categories. Enterprises worldwide now use the technology to process more than 10 billion transactions per day in some of the most complex real-time environments around.

In addition, Forum Sentry was recognized as a Gold winner in the API Management and Security category during Info Security PG’s 2018 Global Excellence Awards.

Forum Systems enables both the private and public sectors to achieve IT modernization with an improved cybersecurity posture. Over the last 15 years, it has maintained a 100% deployment success rate when working to provide U.S. federal agencies, foreign governments, and global enterprises with secure integrations across channels, applications, and infrastructures.

The company also adheres to a rigorous set of certification standards that includes the National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 140-2 Level II certification — a U.S. requirement for cryptographic modules and processing.

Forum Systems has also received the National Information Assurance Partnership (NIAP) Network Device Protection Profile (NDPP) certification, which affirms its commitment to protecting on-premise, cloud, and mobile infrastructure traffic through its industry-leading API security gateway technology.

Finally, the company has received the Department of Defense (DoD) Joint Interoperability Test Command Public Key Infrastructure (PKI) certification as a reflection of its robust security services in terms of access control, authentication, confidentiality, and non-repudiation.

“We started as a security company, have maintained our core focus on product technology that is itself secure, and have gone through the process of obtaining various government certifications to back it up,” Jason said.

In addition to compliance and certifications, Forum Sentry delivers several benefits to both public and private sector organizations, including lower cost of ownership, the ability to operate with agility, and reduced risk of reputational damage.

“The hidden aspects and tangibles of risk mitigation offer a pretty dramatic improvement that’s hard to quantify sometimes, but it’s a big advantage,” Jason said. “Of course, there’s also the ability to modernize and streamline your architecture so you can be more agile with a smaller footprint.”

Forum Systems works continually to introduce enhancements to Forum Sentry. The 2018 release, for example, introduced a REST API for autonomous provisioning in virtual, cloud, and containerized environments, as well as the ability to securely leverage the Amazon Elastic Compute Cloud (EC2) for key business initiatives.

The update brought forth seamless integration with any big data analytics engine or monitoring infrastructure and compliance with the FAA’s System Wide Information Management (SWIM) program, an information-sharing platform for secure identity using various token formats. It also included Forum Sentry’s certification for compliance with the cryptographic requirements of the 2017 Cybersecurity Executive Order, as well as the UK’s National Cyber Security Centre.

Jason told us that approximately 70% of Forum Systems’ product developments are customer-inspired. “We stay closely engaged with both market trends as well our customer environments, and we use that feedback loop to drive our innovation,” he said. “The goal is to support our customers in ensuring that they can leverage our technology to achieve their goals.”

To that end, Jason said Forum Systems is working on an artificial intelligence and machine learning initiative that will build off the company’s vast experience in the API space.

“We’re uniquely qualified in that we have a highly contextualized representation of what an API communication pattern looks like after being in the critical path of API communications for over a decade,” he said.

That foundation affords Forum Systems a significant lead in the space, providing the fuel needed to feed artificial intelligence engines. Otherwise, as Jason says, it’s “garbage in, garbage out.”

“We understand API communication better than anyone, and that really gives us a leg up,” he said. “Open machine learning is rapidly evolving and will become a huge part of our technology stacks in the very near future.”