Tidal Cloud.

FireTail Secures & Monitors Tidal Cloud’s APIs

Born in the cloud, Tidal Cloud is on a mission to help enterprises embrace cloud technologies with a suite of migration and management products to help its customers make the transition securely and effecvtively.

To do so, they take an application-centric approach to migration, as opposed to an infrastructure-led approach, and make heavy use of APIs to understand their customers’ applications and help decouple complex systems to ready the environment for migration. APIs are a large aspect of how Tidal designs its product and how its services talk to one another.

‍

The Challenge

Tidal understands the need for security as it has access to its customers’ sensitive data (and potentially its customers’ customers’ data). Because of this, Tidal plans for security from the beginning of the design process, taking a ‘shift-left’ approach. Building secure APIs from the start is an important step in designing new services and Tidal needs to know that all new APIs built adhere to strict security standards.While a ‘shift-left’ approach is going to solve a lot of security issues before code is ever committed, there is a strong need to verify that APIs are behaving as they should and that security put in place deuring development is actually working in production. Tidal recognizes the need to monitor API traffic and usage in production in order to know when anomalies occur.

‍

The Solution

FireTail had the privilege of helping Tidal Cloud improve their API Security Posture Management by providing end-to-end API security. FIreTail’s agentless integration allowed Tidal to:

• Identify and understand its APIs by combining cloud native integrations and repository scanning
• Swiftly respond to any API threats by quickly identifying and evaluating API vulnerabilities so that they can be remediated before any threat actors can take advantage.
• Identify and protect sensitive data by pinpointing which APIs interact with sensitive data, and
• Detect and respond to malicious API calls often missed by WAFs and API Gateways.

‍

“You can plan for success but you  always have to be vigilant of what’s actually happening. You won’t know what’s happening unless you’re looking. We use FireTail for that. We’re using FireTail to monitor our APIs and we have alerting set up if there’s requests that look abnormal to us.”
Philip Rees | CTO | Tidal Cloud

‍

The Results

FireTail has given Tidal Cloud the single pane of glass needed to help ensure that their APIs are built securely in development and that they behave as designed in production.

“We’ve hooked it into our GitHub organization.” says Philip Rees, CTO at Tidal Cloud, “This gives us a really clear way to see if we have a new repo over here and it has an API in it and it’s already being tracked and managed in FireTail. And FireTail is looking at it to see if anything is potentially wrong, even if we’re in development and we haven’t gone live.”

‍

The FireTail platform can automatically identify all new APIs and begin assessing them immediately without any need for manual identification or input. This ability to see APIs as soon as they’re built helps ensure that no API is published without a security review.

In production, FireTail monitors Tidal’s API traffic, checking the requests that come in and providing alerts if any abnormal  or malicious requests come through. Additionally, FireTail provides an inventory of all of Tidal’s public APIs, so that it can easily be verified that any API in production is published and behaving in the way it was designed.

“We don’t have people opening up public APIs without permission,” continues Philip, “but at the same time it’s very comforting and satisfying to log into FireTail and see all the APIs and they haven’t changed and there are no more and these are the ones that we have published.”

‍

For Tidal, a company built in the cloud with an API-centric architecture, FireTail provides the visibility, monitoring, and security capabilities that will help protect Tidal’s APIs from code to cloud.

‍