NYSTEC's cybersecurity professionals guide risk mitigation in a digital world

Many organizations today have at least a basic understanding of what constitutes a functional security program. Patching, multifactor authentication (MFA), encryption, vulnerability management and incident response, among other things, all help reduce cyber-related organizational risk. NYSTEC recommends adopting a controls-based approach, such as the National Institute of Standards and Technology (NIST) Special Publication 800-53 (NIST SP 800-53), which provides a measurable control catalog against which to evaluate organizational security and privacy maturity and risk.
Application programming interfaces (APIs)
Application programming interfaces, or APIs, are software interfaces that allow computers and computer programs to talk to each other across networks, such as the internet. They are extremely flexible and open a world of possibilities for extracting and sharing data within and across organizations. However, with that flexibility comes risk to data security and privacy.
API use is growing at roughly 30% year over year, according to Gartner, because organizations increasingly rely on cloud-based services to store and process data. Cloud-based applications need a way for other applications, and for users, to reach that data, and APIs are the answer.
Unfortunately, APIs also expose a larger attack surface than ever before. An API published on the internet will answer whatever connects to it, whether or not the caller is one it was meant to serve. Bad actors continuously scan the internet for exposed APIs and probe them to learn which endpoints exist, what input they accept and what data they return. They then use that information to attack the API.
Defending against API attacks requires multiple lines of defense. Strong authentication of every caller (MFA for human users, strong credentials for service clients), authorization checks on every request and the principle of least privilege (which dictates that any user, program or system should have only the minimum level of access necessary) all help. Individually, each provides a basic level of protection; used together, they significantly lower the risk of using APIs. Because the proliferation of APIs is relatively recent, API security standards (for example, the OWASP API Security Top 10 and the OAuth 2.0 family of specifications) are less mature than those in longer-established security areas. The NYSTEC team has developed security standards and guidance documentation to help organizations assess the risk associated with using APIs in their environments, so they can take full advantage of these flexible tools.
Security testing
Sophisticated threat actors are constantly evolving their attacks, and without a structured approach for identifying system vulnerabilities, organizations remain dangerously exposed. Security testing serves as an early warning system, revealing exploitable flaws before malicious actors do. This proactive approach enables leaders to allocate resources more effectively, address weaknesses before they escalate into incidents and ultimately preserve business continuity.
Security testing employs a variety of methods, each designed to evaluate a different aspect of an organization's infrastructure and risk exposure. Vulnerability assessments provide a broad inventory of known weaknesses across systems and networks, while penetration testing simulates real-world attacks to evaluate how well defenses hold up under pressure. Other methods, such as red team exercises (which emulate a realistic adversary's end-to-end campaign against people, processes and technology, rather than testing individual systems in isolation) and static and dynamic application security testing (SAST, which analyzes source code or binaries without running them, and DAST, which probes the running application), play complementary roles in building a resilient cybersecurity program and give organizations a holistic view of their defensive posture.
Regulatory bodies and industry standards increasingly mandate rigorous testing as part of a sound cybersecurity program. Frameworks such as NIST SP 800-53, the Payment Card Industry Data Security Standard (PCI DSS) and the New York State Department of Financial Services (DFS) Cybersecurity Regulation require organizations to conduct ongoing risk assessments and technical evaluations. Beyond legal compliance, these measures reassure investors, clients and partners that an organization takes its security responsibilities seriously. In a business environment where trust is currency, demonstrating control efficacy through testing not only mitigates legal risk but also enhances reputation and competitive standing.
Security testing also serves a critical function in verifying that technical safeguards are working as intended. Firewalls, access controls, encryption protocols and endpoint protections must be stress-tested under realistic conditions to confirm they are actively defending the environment. When testing reveals a control is misconfigured or ineffective, it provides actionable intelligence to IT and executive teams alike.
There are many elements that make up a fully mature security and privacy program, and NYSTEC's team of experts has decades of experience in helping our clients mitigate the risks faced by organizations in our increasingly interconnected digital world. Ensure the security of your environment by contacting nystec@nystec.com.

Related Articles

DigiCert Joins NIST Effort to Boost Software Supply Chain and DevSecOps Security
Business Upturn

6 days ago

Lehi, Utah, Aug. 14, 2025 (GLOBE NEWSWIRE) — DigiCert, a leading global provider of digital trust, today announced its participation in the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) project focused on Secure Software Development, Security, and Operations (DevSecOps) Practices. DigiCert joins 13 other technology collaborators, including Google, Microsoft, IBM, Palo Alto Networks, CyberArk, Dell Technologies, and GitLab, to help design and demonstrate integrated solutions that improve security across the software supply chain.

As software supply chain attacks continue to rise, organizations need trusted, proven ways to harden their development environments. This project, sponsored by the U.S. Federal government, provides an independent evaluation of how to integrate leading technologies in a way that enhances software integrity and operational security, without favoring any particular vendor.

'Secure software development too often relies on fragmented tools that don't integrate well or scale across the software lifecycle,' said Tim Hollebeek, Vice President of Industry Standards at DigiCert. 'This project helps demonstrate how trusted technologies can work together to create a more cohesive, risk-based approach to DevSecOps, aligning with NIST's guidance while offering practical solutions to the market.'

The NCCoE's collaborative approach marks the first time these specific technologies have been brought together to form a comprehensive solution for secure software development, operations, and monitoring. The project stands out for its focus on applied, real-world implementations, going beyond theory to show how to achieve security and compliance goals using current tools and practices. The public is encouraged to review and comment on the NIST SP 1800-44 Draft, now available online. Stakeholders are also invited to participate in an upcoming virtual event hosted by NIST on August 27, where project collaborators will discuss insights, implementation guidance, and community engagement opportunities.

About DigiCert
DigiCert is a leading global provider of digital trust, enabling individuals and businesses to engage online with the confidence that their footprint in the digital world is secure. DigiCert® ONE, the platform for digital trust, provides organizations with centralized visibility and control over a broad range of public and private trust needs, securing websites, enterprise access and communication, software, identity, content and devices. DigiCert pairs its award-winning software with its industry leadership in standards, support and operations, and is the digital trust provider of choice for leading companies around the world. For more information, visit or follow us on LinkedIn.

Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same.

Industry First: ATEN DigiKVM™ Sets the Pace with FIPS 140-3 Compliance for Mission-Critical Security
Yahoo

13-08-2025

Delivering high-grade security and centralized control in a next-gen digital KVM platform

TAIPEI, Aug. 13, 2025 /PRNewswire/ -- ATEN International, a global leader in KVM and AV/IT connectivity and management solutions, proudly announced a groundbreaking milestone: the ATEN DigiKVM™ is now the industry's first Single-Portal, All-Digital KVM over IP Solution to integrate a FIPS 140-3 compliant encryption module. This sets a new security benchmark for centralized control in mission-critical applications.

By embedding the latest FIPS 140-3 encryption module, ATEN DigiKVM™ aligns with the most advanced cryptographic standards issued by the National Institute of Standards and Technology (NIST). This integration strengthens algorithm validation, entropy sourcing, self-testing, and lifecycle management—ensuring robust cryptographic protection and enabling secure deployment across highly regulated sectors such as government, military, healthcare, utility, and finance. In environments where traditional IP-based access may fall short, ATEN DigiKVM™ delivers superior compliance, auditability, and operational control.

Awarded a Red Dot Design Award for its robust and agile hardware design with an intuitive front panel and modular installation, ATEN DigiKVM™ is an all-digital KVM over IP solution purpose-built for secure, high-performance remote server management in data centers, control rooms, and broadcast facilities. It supports up to 32 independent connections to the attached servers with real-time 4K video performance and enables server connections up to 100 meters. With features such as out-of-band management (OOBM), advanced encryption, and broad OS compatibility, ATEN DigiKVM™ ensures uninterrupted access and rapid recovery, even during network disruptions, making it the ideal solution for mission-critical and distributed environments.

"Security is no longer a value-add—it's the baseline. With FIPS 140-3 compliance built into DigiKVM™, we're enabling our customers to operate with confidence, backed by a future-ready infrastructure that meets the highest global standards," said Nicholas Lin, Senior Vice President of ATEN.

Key Features of ATEN DigiKVM™ KVM over IP Solution:
- Distortion-Free: Reinforced KVM ports with enhanced high-voltage isolation and minimized electromagnetic interference
- Delay-Free: Real-time, concurrent remote access—anytime, anywhere
- 10× Faster: Ultra-fast virtual media transfer rates for rapid server updates
- 100× Smoother: Exceptional livestream video refresh rate with Panel Array Mode™ Live+
- Agile & Effortless Installation: Industry's most compact DigiProcessor for maximum rack space efficiency
- High-Grade Security: Supports TLS 1.3 and integrates a FIPS 140-3 certified cryptographic module (Certificate #4985)

For more information about the ATEN DigiKVM™ KVM over IP Solution, please refer to the link:
- 16-Port KVM over IP OmniBus Gateway (KG0016)
- 32-Port KVM over IP OmniBus Gateway (KG0032)
- USB VGA KVM DigiProcessor (KG1900T)
- USB DVI KVM DigiProcessor (KG6900T)
- USB HDMI KVM DigiProcessor (KG8900T)
- USB DisplayPort KVM DigiProcessor (KG9900T)
- USB 4K DisplayPort KVM DigiProcessor (KG9950T)
- USB 4K HDMI KVM DigiProcessor (KG8950T)

About ATEN
ATEN International Co., Ltd. (TWSE: 6277), established in 1979, is the leading provider of KVM and AV/IT connectivity and management solutions. Offering more than 1,000 integrated KVM, professional AV, USB, racks and intelligent power products, ATEN enables easy connection, management, and optimization of AV/IT equipment in corporate, government, education, healthcare, manufacturing, broadcasting, media, and transportation environments. With over 650 issued international patents, ATEN's global R&D team continuously produces innovative solutions, resulting in a comprehensive portfolio of products available worldwide. Headquartered in Taiwan, ATEN International Co., Ltd. has grown to include subsidiaries and regional offices in China, Japan, South Korea, Belgium, Australia, the U.S., the U.K., Turkey, Poland, India, Romania, South Africa, Indonesia, and Mexico – with R&D centers in Taiwan, China, and Canada. For more information about ATEN, please visit

Press Contact
ATEN International Co., Tsai/ Ivy Lee
TEL: +886-2-8692-6789 EXT. 1835/1867
FAX: +886-2-8692-6577
Email: pr@

SOURCE ATEN International

Face Recognition SDK Guide for Developers & Businesses
Time Business News

10-08-2025

In the last decade, facial recognition has evolved from a futuristic idea into an everyday reality. Today, apps can unlock phones, verify payments, and secure buildings with nothing more than a glance. At the heart of many of these systems lies a powerful tool: a face recognition SDK, software that gives developers ready-made components to integrate face recognition into their applications. In this guide, we'll break down what it is, how it works, why it matters, and how to choose the right one for your business without drowning you in jargon. We'll also explore real-world examples, future trends, and the must-know privacy considerations.

Let's start with the basics. An SDK (Software Development Kit) is like a recipe box for developers. Instead of creating facial recognition from scratch, developers use an SDK to 'plug in' proven, pre-built tools. A face recognition SDK typically handles four main steps:

- Image capture: a camera records an image or video frame of the subject.
- Facial landmark detection: the software maps key points (eyes, nose, mouth, jawline).
- Feature extraction: unique measurements of the face are converted into a mathematical representation (a template).
- Matching and verification: the template is compared against stored templates to verify identity.

Advanced SDKs also incorporate deep learning neural networks to improve accuracy across variations in lighting, facial expressions, and even aging. For a deeper dive into the science behind it, check out NIST's Face Recognition Overview, one of the most respected sources in the field.

Not all SDKs are created equal. Some are basic; others are packed with features that make integration smoother and security tighter. Accuracy rates above 99% are no longer uncommon, but accuracy alone isn't enough: the best SDKs can process a match in under 200 milliseconds, faster than the blink of an eye. An ideal SDK supports multiple environments so you can deploy across devices without rewriting code. This saves months of development time and ensures consistent user experiences.

Liveness detection matters because without it a photo or a replayed video could fool the system. Liveness detection analyzes:

- Micro facial movements
- Skin texture
- Depth and 3D mapping
- Eye-blink patterns

These checks are critical for industries like banking, where a single security loophole can mean millions in losses.

On-device versus cloud processing:

Feature              On-Device Processing            Cloud Processing
Speed                Instant (no network delay)      Slight latency depending on connection
Security             Data stays on device            Data sent over network
Scalability          Limited to device power         High scalability
Offline capability   Yes                             No

Some businesses even use hybrid models: initial checks on-device, with deeper verification in the cloud.

Benefits of using a face recognition SDK:

- Enhanced security: makes unauthorized access significantly harder.
- Faster authentication: reduces login times from seconds to milliseconds.
- Improved user experience: users love frictionless security.
- Enterprise scalability: handles large user databases with minimal slowdown.
- Cost savings: cuts down the time and expense of building from scratch.

Think of it as hiring a specialist chef instead of learning to cook every dish yourself: faster, better, and with fewer burnt results.

Facial recognition isn't limited to phone unlocking. Here's how it's making waves globally:

Banks use facial recognition for mobile banking logins, fraud prevention in transactions, and automated KYC (Know Your Customer) verification. Example: the Industrial and Commercial Bank of China integrated face authentication into ATMs, allowing withdrawals without a bank card.

Retailers integrate facial authentication for VIP customer recognition for personalized service, touchless checkout to reduce queue times, and shoplifting prevention by flagging banned individuals. Case study: Alibaba's 'Smile to Pay' feature in Hangzhou lets customers pay at kiosks using facial recognition in under three seconds.

Agencies use it for border control verification, identifying suspects from CCTV feeds, and locating missing persons. In India, police used a facial recognition system to identify 3,000 missing children in just four days.

Hospitals secure patient data and control restricted areas using biometric verification. Pro tip: for HIPAA compliance in the US, ensure your SDK uses encryption and proper access logs.

Choosing poorly can lead to integration nightmares and security gaps. Here's a checklist:

- Accuracy and benchmark scores: look for published results in tests like NIST's FRVT.
- Integration ease: clear documentation and multiple programming language support.
- Compliance: GDPR, CCPA, and other data protection laws.
- Device compatibility: works on your target devices and OS versions.
- Security features: encryption, liveness detection, spoof prevention.
- Developer support: availability of API documentation, sample projects, and quick response to queries.

With great tech comes great responsibility. Face data is sensitive personal information. Best practices include:

- Informed consent: always get user permission before capturing biometric data.
- Encryption: store templates in encrypted form, not raw images.
- Data minimization: only keep what you need and delete old records promptly.
- Anonymization: where possible, store data without direct personal identifiers.
- Compliance: align with regulations like GDPR (EU), CCPA (California), or PDPA (Singapore).

According to a Pew Research Center study, 56% of Americans trust companies less if they use facial recognition without transparency, a reminder that trust is a business asset you can't afford to lose.

Looking ahead:

- Smarter AI models: AI can now identify faces even when partially covered, such as with masks.
- Edge AI adoption: more processing happening directly on devices for speed and privacy.
- Integration with IoT: smart locks, cars, and even vending machines using facial authentication.
- Multi-modal biometrics: combining face recognition with voice or fingerprint for even higher security.
- Ethical AI initiatives: companies investing in bias reduction and fairness testing.

Face recognition is no longer a novelty; it's a powerful, practical security solution. The right SDK can boost security, streamline user experiences, and future-proof your applications. But it's not just about technology; it's about trust, privacy, and getting it right from the start. And if you're looking for the best face recognition SDK that checks all the boxes, Recognito is worth exploring. You can explore the Recognito GitHub for face recognition SDK resources.
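The matching and verification step the guide describes, as an added example that is not part of the original guide and not code from Recognito or any other vendor's SDK: extracted feature vectors (embeddings) are compared with cosine similarity and accepted above a decision threshold. The embeddings below are constructed from a fixed random seed rather than extracted from images, so the numbers illustrate the trade-off, not any real product's accuracy. The point a practitioner should take away is that lowering the threshold reduces false rejects of legitimate users but admits more impostors, so a headline "99% accuracy" figure means little without its operating threshold and the liveness checks listed above.

```python
import math
import random

DIM = 8  # dimensionality of the constructed embeddings (real SDKs use hundreds)


def l2_normalize(v):
    """Scale a vector to unit length so cosine similarity is a plain dot product."""
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v]


def cosine_similarity(a, b):
    """Cosine similarity in [-1, 1]; 1.0 means identical direction."""
    return sum(x * y for x, y in zip(l2_normalize(a), l2_normalize(b)))


def verify(probe, stored_template, threshold):
    """Accept the probe as the enrolled identity if similarity clears the threshold."""
    return cosine_similarity(probe, stored_template) >= threshold


def make_dataset(n_subjects=20, probes_per_subject=5, noise=0.25, seed=7):
    """Constructed data: one enrolled template per subject plus noisy probes that
    stand in for later captures of the same face. Not derived from any image."""
    rng = random.Random(seed)
    enrolled, probes = {}, []
    for subject in range(n_subjects):
        identity = [rng.gauss(0.0, 1.0) for _ in range(DIM)]
        enrolled[subject] = l2_normalize(identity)
        for _ in range(probes_per_subject):
            probe = [x + rng.gauss(0.0, noise) for x in identity]
            probes.append((subject, l2_normalize(probe)))
    return enrolled, probes


def error_rates(enrolled, probes, threshold):
    """Return (false accept rate, false reject rate) at one operating threshold.
    Every probe is compared against every enrolled template: same-subject pairs
    are genuine attempts, all other pairs are impostor attempts."""
    false_accepts = false_rejects = genuine = impostor = 0
    for subject, probe in probes:
        for enrolled_id, template in enrolled.items():
            accepted = verify(probe, template, threshold)
            if enrolled_id == subject:
                genuine += 1
                false_rejects += not accepted
            else:
                impostor += 1
                false_accepts += accepted
    return false_accepts / impostor, false_rejects / genuine


def threshold_sweep(thresholds=(0.3, 0.5, 0.7, 0.9)):
    """Tabulate FAR/FRR across thresholds to expose the trade-off."""
    enrolled, probes = make_dataset()
    return {t: error_rates(enrolled, probes, t) for t in thresholds}


if __name__ == "__main__":
    for t, (far, frr) in threshold_sweep().items():
        print(f"threshold={t:.1f}  FAR={far:.3f}  FRR={frr:.3f}")
```

Running the sweep shows the false accept rate falling and the false reject rate rising as the threshold increases; a deployment picks the point on that curve that matches its risk (a bank will tolerate more false rejects than a retail kiosk). Note that the stored template is the normalized vector, not the image, which is what the "store templates, not raw images" guidance above refers to.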
