.png)
.svg)
This month's Levo team brings to you significant advancements to ensure robust security across your entire API ecosystem.
We’ve introduced test runners to ensure the safety of your internal APIs, RBAC for enhanced compliance and insider threat mitigation, direct configuration of eBPF sensors and satellites via our UI, and an integration with AWS API Gateway.
TL;DR
Levo.ai just shipped four powerful API security upgrades that protect your entire API ecosystem inside and out. Most teams overlook internal APIs, but 13% of all attacks target them directly. Levo now fixes that with one-click internal API testing, RBAC for compliance, UI-configurable eBPF sensors to cut cloud waste, and an AWS API Gateway integration for real-time threat visibility.
Testing Internal APIs:
Securing your internal APIs is now just a click away!
Most security vendors have always disproportionately focused on external APIs at the cost of internal APIs. Not only does this widen the attack surface but it also propagates the myth that attackers do not target internal APIs.
This couldn’t be further from the truth as attacks on internal APIs are rampant and growing, with 13% of attack attempts being made on internal APIs.
We at Levo.ai understand this and since the beginning have prioritized visibility and testing across the entire API ecosystem, not just external APIs. Our eBPF sensor discovers and documents all APIs including internal APIs and our CLI has been used to test them.
But now with the introduction of our test runners, your DevSecOp teams can run tests on internal APIs right from the dashboard instead of installing the CLI every time. Ensuring that you test your internal APIs with the same rigor and regularity as external ones.
Have a look ⬇️
Role-Based Access Control:
Take your regulatory compliance to the next level with Levo’s RBAC implementation
Being a security vendor to several fintech enterprises, we understand how important compliance with industry standards like PCI DSS is for our customers to build customer trust.
Our RBAC will not only support such compliance efforts but also help enterprises battle insider threats (which surprisingly account for 60% of the data breaches).
Restricting our functionalities to only what professionals need to do their jobs, enterprises no longer need to monitor who is doing what within our platform. This will also simplify the platform for users.
Have a look⬇️
Configure eBPF Sensors and Satellite Directly Through Our UI
The current economic downturn is tough on everyone, and high cloud costs worsen it. As most platforms consume a lot of cloud resources, this deters many enterprises from important initiatives like API Security.
According to a recent report, enterprises can spend up to 30% of their cloud budget on inefficient resource usage. This significant waste can quickly add up, impacting the overall budget and resource allocation.
Inefficiencies in agent and platform design make it worse.
Yet neither of these factors should be a concern with Levo.
While our eBPF agent and satellite have always been designed to capture and process only minimal and necessary traffic, our new feature enhances this.
Engineering and security leaders can now configure both directly from the UI, saving time and cloud resources that would otherwise be spent relying on engineers. They also have the flexibility of capturing, monitoring, and testing APIs separately for every environment.
Have a look⬇️
Integration with AWS API Gateway:
How do enterprises detect attacks on their APIs?
In an ideal world, it would be through rigorous monitoring and logging but another method takes precedence over it.
Over 52% of the surveyed enterprises identify attack attempts from API Gateways. While this is a great addon that Gateways provide, by the time these alerts are generated it's often too late.
Some if not most damage is done, so we at Levo.ai have paired with Amazon Web Services (AWS) API Gateway to provide comprehensive API observability.
Go through this blog to learn more about this integration and how it facilitates robust API visibility.
Conclusion
Ultimately, API security without internal API protection is just half a shield. Levo.ai's latest updates close the gaps attackers already know about — combining automated testing, access control, and full API observability in one lean platform. The teams that act on this today won't be the ones explaining a breach tomorrow.
FAQs
What is Levo.ai's new internal API testing feature?
Levo's test runner lets DevSecOps teams test internal APIs directly from the dashboard with no CLI needed. Since 13% of attacks target internal APIs, testing them regularly now takes just one click.
How does RBAC help with API security compliance?
RBAC restricts platform access to only what each user needs, supporting standards like PCI DSS while eliminating insider threats responsible for 60% of breaches.
Why should enterprises protect internal APIs, not just external ones?
Internal APIs face 13% of all attack attempts yet most tools ignore them entirely. Levo's eBPF sensor auto-discovers every internal API so nothing stays hidden from your security team.
How is eBPF-based monitoring better than API gateway monitoring?
eBPF captures traffic at the kernel level and finds every API including shadow and undocumented ones. Gateway monitoring only sees configured traffic and misses what attackers exploit most.
What's the risk of relying on API gateways alone for attack detection?
Gateway alerts are reactive and 52% of enterprises only detect attacks through gateways, meaning damage is already done when the alert fires. Levo adds proactive observability so threats surface earlier.
How does Levo.ai help reduce cloud costs for API security?
Levo's eBPF sensors capture only necessary traffic and avoid resource bloat that wastes up to 30% of cloud budgets. Leaders configure sensors via UI saving time and cutting costs without sacrificing coverage.
.png)
.png)
