IMPORTANT NOTE:
This article will be deprecated by February 28th, 2025. For all API Co-signer documentation, visit this overview article, which also links to updated Co-signer content in the Developer Portal.
Overview
The API Co-Signer automates approving transactions, signing transactions, and approving workspace changes. This makes the API Co-Signer a sensitive machine since it holds important information, such as:
- The set of keys required for approving requests
- An MPC key share for signing transactions
Although a quorum can be configured to approve requests, and a single MPC key share cannot be used to compromise the system, we recommend adding multiple defense and monitoring systems on Fireblocks API Co-Signer instances. By implementing the recommended defense and monitoring systems, organizations can significantly improve the security of the Fireblocks API Co-Signer and reduce the risk of security incidents.
Recommended Defense and Monitoring Systems
- Cloud Workload Protection: A solution that actively monitors the instance running the Fireblocks AWS API Co-Signer and provides real-time protection against known and unknown threats.
- Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR): A solution that actively monitors the instance running the Fireblocks AWS API Co-Signer and detects and responds to potential security threats in real time.
- Security Information and Event Management (SIEM): A solution to collect all login attempts to the instance running the Fireblocks AWS API Co-Signer and provide real-time alerting and reporting on potential security incidents.
- Privileged Access Management (PAM): A solution that actively controls and monitors access to privileged accounts, such as root access to the instance running the Fireblocks AWS API Co-Signer. A PAM solution can also provide real-time monitoring and alerting on privileged account activity, and enforce security policies, such as password management and least privilege access.
- Multi-Factor Authentication (MFA): An MFA solution can enforce secure authentication and access control to the instance running the Fireblocks AWS API Co-Signer. An MFA solution can also help prevent unauthorized access and reduce the risk of account compromise.
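
The SIEM and PAM items above come down to collecting every login attempt on the Co-Signer instance and alerting on the ones that matter. The following is an added example, not Fireblocks code: it assumes the instance is a Linux host whose OpenSSH daemon writes syslog-format lines, and the log lines, allowlisted source address, and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (not from a real host).
SAMPLE_LOG = """\
Jan 10 03:12:01 cosigner sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 cosigner sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 10 03:12:05 cosigner sshd[811]: Failed password for root from 203.0.113.7 port 40116 ssh2
Jan 10 09:30:44 cosigner sshd[902]: Accepted publickey for ops from 10.0.5.20 port 51022 ssh2
Jan 10 11:02:17 cosigner sshd[955]: Accepted publickey for root from 198.51.100.9 port 60001 ssh2
"""

LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

ALLOWED_SOURCES = {"10.0.5.20"}   # hypothetical bastion address
FAILURE_THRESHOLD = 3             # hypothetical per-source alert threshold


def parse_logins(text):
    """Return one dict per SSH login attempt found in the log text."""
    return [m.groupdict() for m in map(LOGIN_RE.search, text.splitlines()) if m]


def alerts(events):
    """Return (rule, detail) tuples for events a SIEM rule should surface."""
    out = []
    failures = Counter(e["src"] for e in events if e["result"] == "Failed")
    for src, n in failures.items():
        if n >= FAILURE_THRESHOLD:
            out.append(("failed-login-burst", f"{src} x{n}"))
    for e in events:
        if e["result"] != "Accepted":
            continue
        if e["user"] == "root":
            out.append(("direct-root-login", e["src"]))
        if e["src"] not in ALLOWED_SOURCES:
            out.append(("login-from-unapproved-source", f"{e['user']}@{e['src']}"))
    return out


if __name__ == "__main__":
    for rule, detail in alerts(parse_logins(SAMPLE_LOG)):
        print(rule, detail)
```

In production the same rules would normally run inside the SIEM itself on forwarded logs, so the alert history is kept off the instance being monitored.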