"We didn't want to just create another dashboarding solution where folks stare at and admire their problems," said the CEO of StackHawk, Joni Klippert. Instead, the company has launched a new birds-eye view that helps security teams understand what APIs are being added, are they being properly tested, what are the key findings, and are fixes being implemented quickly enough. "You'd be surprised how many security teams are monitoring the overall health of their organization's security program via spreadsheets and legacy tools," Klippert went on to say.
Appreciating the value of Oversight requires understanding how StackHawk thinks about proactive, end-to-end API security. The first logical step is having an efficient way to discover all of the various APIs across an organization. That's why, earlier this year, StackHawk launched API Discovery, which leverages source code to obtain the full scope of an organization's APIs and applications. According to the company, discovering APIs from an organization's source code repository (GitHub, Azure DevOps, Bitbucket) is the quickest way to uncover hidden and unknown APIs.
From there, security teams need an automated way to security test their APIs. The hard truth is that security folks are outnumbered 100 to 1 by their developer counterparts—a gap only widening with the rise of AI—and the solutions that AppSec teams have today are based on legacy technology that has yet to embrace a more proactive approach. StackHawk enables this proactive mindset with automated API security and a platform that helps create a shared context across security teams and application owners (i.e., AppSec).
With today's launch of Oversight, StackHawk is offering security teams an end-to-end solution for shift-left API security. It will be interesting to see how the company continues to evolve and respond to the rapidly changing landscape driven by AI. Many applications will be created without any human intervention, and the APIs built to communicate with them will need to be secured.
Oversight goes beyond what a traditional monitoring dashboard provides by helping with prioritization and surfacing actionable insights. The ability to aggregate key security data across all applications to see the bigger picture equips security teams to proactively respond and share insights into the health of their security program.