Canonic Security Launches AppTotal API to Streamline App-Vetting for Security Teams
August 2022 by Marc Jacob
Canonic Security announced the launch of the AppTotal API. Connected to AppTotal – the industry’s first independent and continuously updated index of SaaS add-ons and integrations – the new API layer enables security teams to automate and integrate Canonic App Access & Vulnerability Intelligence within their workflows as well as existing app vetting and governance processes. The result is increased productivity where employees can connect the apps they want to IT systems, without worrying about security.
The rise in remote work has caused business continuity to increasingly become reliant on SaaS apps and low code automation. However, with the growth of marketplace ecosystems and add-ons, vendor security teams are struggling to manage the processes needed to vet hundreds of apps, extensions, and add-ons each and every week. The manual process takes vendor security teams hours, if not days, to vet every app. This causes delays in the onboarding and approvals of apps, ultimately slowing down business and its bottom line.
AppTotal Community, Canonic Security’s community offering, lets users submit one app at a time. With AppTotal API, security engineers, service providers and partners such as MDRs, MSSPs and security testing providers, get programmatic access to drive their own workflows, enabling improved efficiency and efficacy. AppTotal API can be used to enrich SaaS non-human identity information with context, threat intelligence and potential attack paths. It can also be used to build custom app-vetting orchestration such as a Slack or Teams bot or drive a case management-based workflow through integration with Jira.
Canonic continuously monitors the behavior and posture of apps in its catalog and users of AppTotal API can now support continuous monitoring use-cases and get notified on app posture-drift, suspicious behavior, and any changes in the app developers’ security assurance. This moves the industry from Verify Once (and forget) to continuous verification of third-party integrations.
The AppTotal API platform is available as a community-based offering and paid tiers which have an extended set of attributes, threat intelligence features and quota. AppTotal API is already being used by several MDR providers, security automation tools and SaaS security companies.