Impart Security is happy to share another runtime protection enhancement called Dependent Sensitive Detections.
Detecting Personally Identifiable Information (PII) is hard since it’s easy to miss sensitive information like CVV numbers and zip codes. Most API security solutions solve this by relying on simple Regex rules that look for three or five digits in a row. However, this approach is prone to generating a high rate of false positives, which can render the detection useless and create additional work for security teams to validate findings that indicate sensitive data.
With Impart’s Dependent Sensitive Detections, you can now create dependency graphs of different PII detections to improve accuracy and avoid false positives. In the example brought up earlier, one way to avoid generating thousands of false positives using Regex would be to only execute CVV or zip code-based detections if there is a higher confidence detection in place. For example, a credit card number detection, which is a built-in security function of our API security platform and often correlated with CVV and zip code, can be validated using the third-party Luhn algorithm. These detections can be designed in our graph editor.
Contact us at try.imp.art to see how Dependent Sensitive Detections can help to reduce your false positive fatigue and be sure to follow us on LinkedIn for more product updates.