Equixly's Licensing
Carlo De Micheli, Zoran Gorgiev
This article focuses on Equixly’s licensing. You’ll learn everything you need to get a clear picture of Equixly’s licensing plans.
Even though we assume you already know a thing or two about Equixly, there’s a section on the platform’s crucial capabilities as well. You might need a knowledge refresher, or, who knows, you might even discover something new there.
In addition, we’ll discuss the different natures of licensing and pricing. “Discuss” is a bit of a heavy term for what you’ll see here. It won’t be exactly a treatise on the conceptual and practical differences between licensing and pricing. Nonetheless, we hope it makes clear that the two are not equivalent.
Speaking of pricing, we’ll touch only on the most fundamental aspects of Equixly’s pricing.
First Things First: Licensing vs. Pricing
Pricing specifies how much a customer pays for a product or service. Licensing, on the other hand, specifies what a customer can access and to what degree (amount or number). More precisely, licensing defines the following:
- The version of the product or service a customer has permission to use (e.g., 1.0, but not the new upgraded 2.0 version)
- How long they can use it (a month, a year, a lifetime)
- The number of users that have permission to access it (one user, five users, ten users, and so on)
- The location from where they can access it (the country or geographical region, or whether it’s on-premises or cloud deployment)
- The usage limits and restrictions (say, 50 API endpoints, 100 API endpoints, etc.)
- The features they have the right to access (for instance, CI/CD integration with a premium but not with a standard plan)
These access rights, permissions, and restrictions do not have to be related to prices, and the relationship between a licensing and pricing plan doesn’t have to be a one-to-one relationship. For instance, a single pricing plan can combine multiple licensing types. Also, users can be licensed to access, share, and distribute a piece of software without financial compensation (think Linux and WordPress).
A Few Words on Equixly
Once you onboard your APIs, any security professional or developer, regardless of rank and experience, can learn their way around Equixly. Its dashboard is neat, logical, and easy to navigate, so mastering it is a brief and painless experience, not a demanding initiation into the mysteries reserved only for the chosen few.
Equixly is the fruit of security professionals, ethical hackers, and developers with hands-on experience in cybersecurity. It was conceived to bridge the gap between what’s available and what’s needed in API security.
To illustrate this point, let’s look at a few significant challenges API security faces today:
- A dire shortage of security professionals, including pentesters
- Mountains of security-relevant data virtually impossible to process and make sense of
- Prolonged detection and remediation of critical vulnerabilities
Regarding the first point, Equixly’s fundamental capability is automated pentesting at your convenience. At the platform’s core sits its proprietary machine-learning engine that lets you execute scores of API attacks following tested and proven (ethical) hacking techniques.
By exhibiting qualities and implementing methods of traditional pentesters combined with the efficiency of artificial intelligence, an automated API pentesting platform such as Equixly acts as an AI-powered hacker. That helps ameliorate the shortage of API pentesters and red team professionals in a predominantly understaffed sector.
Besides, Equixly can complement the work of red teamers and manual pentesters. They can delegate parts of their job—for instance, long, arduous, and repetitive tasks—to it to boost their efficiency.
Regarding the second point, Equixly relies on artificial intelligence, more precisely, machine learning. And there’s hardly a better way to handle the oceans of data flooding security professionals every day, and to derive meaningful insights from it, than to employ machine learning and artificial intelligence systems.
Admittedly, machines are much better and more efficient than us at data processing and calculations, so there’s no good reason not to rely on them more in API security.
As for the third point, Equixly:
- Supports security testing in development to allow you to avoid significant damage in production
- Detects the most severe and common API vulnerabilities, understands and catches logic flaws, and spots traces of zero-days in the making
- Helps you map your attack surface
- Carries out both on-demand and scheduled tests in development and production, reports the found issues specific to your APIs, and suggests remediation measures for prompt intervention
Equixly’s Licensing in General Terms
Different companies choose different licensing types for their products and services.
Some base their licensing and pricing on a per-version basis. You can use only one software version. When there’s a new release, you cannot access it without a new payment for a new license.
Others opt for a user-based licensing model and pricing plans that revolve around the number of users. Since your costs can be high in this scenario, they lower the price per user proportionately to the number of users: more users mean less costly individual licenses.
As a SaaS solution, Equixly fully embraces the implications of a SaaS model. When you subscribe, the subscription fees cover everything, including updates and new releases, meaning the company doesn’t charge new fees on top of your subscription for upgraded software versions.
You have extra costs only when you want to test more API endpoints than your plan allows. But in that case, you make just a one-time purchase.
Also, Equixly doesn’t base its licensing and pricing on users, meaning your costs stay the same regardless of the number of users. It’s your organization that gets access to the platform, not individual members.
The factors that affect your Equixly licensing and costs are the following:
- The features you access
- The number of API endpoints you test
- The number of security scans you run
Equixly’s Licensing Types
Equixly offers two licensing types:
- Continuous Testing
- MSSP (managed security service providers)
The Continuous Testing licensing is divided into two subtypes:
- Standard
- Enterprise
The Continuous Testing Licensing
The Standard Tier
The Standard tier includes the following:
- One security scan per month for up to five different applications/APIs
- API inventory and data classification
- One package of API endpoints equivalent to 100 endpoints
- Email customer support
- Annual subscription paid in advance
The second point means Equixly searches for undocumented APIs and sensitive data flowing through your endpoints.
The third point shows how Equixly defines a block of endpoints to calculate your costs. If the number of endpoints you want to test exceeds 100, regardless of whether it’s 109 or 199, you have more than one package, which means the price increases. Equixly allows you to purchase an additional package, called an add-on, for a flat rate.
The rest of the points are, it seems to us, straightforward.
The Enterprise Tier
The Enterprise tier includes the following benefits:
- Unlimited security scans
- API inventory and data classification
- 100 API endpoints
- Phone and email support
- Access to Equixly’s API
- CI/CD integration
- The possibility to pay the annual subscription fees in installments
As you might have noticed, the Enterprise tier includes more benefits and perks than the Standard tier. CI/CD (continuous integration and continuous delivery/deployment) integration is one of those benefits.
Continuous security testing can refer to regular API testing stemming from the awareness that security is never done. However, shifting left—frequent security testing in the CI/CD pipeline, that is, SDLC (software development life cycle)—along with regular testing in production, is undoubtedly the embodiment of the concept of continuous testing. And that’s what Equixly offers in the Enterprise tier.
Another unique benefit of this tier is access to Equixly’s API. This feature allows you to trigger API scans or retrieve the results of the scans via APIs. For instance, if you use a system such as a SIEM that aggregates vulnerability data, you can send your API tests’ data to that system.
Another use for this feature is to set up a trigger for initiating an automated security test whenever your developers deploy new code.
The MSSP Licensing
The MSSP licensing type includes:
- Security scans based on tokens
- API inventory and data classification
- Ten tokens equivalent to 1,000 API endpoints
- Yearly subscription paid up front
To state the obvious, one token corresponds to 100 endpoints. So, a security scan of an API with 100+ endpoints requires more than one token.
This concept of a token is not arbitrary. It’s based on industry and market analysis. The same can be said about its corresponding pricing, which aims to guarantee fair competition and keep the market balance intact, i.e., avoid a market upset with an overly low price.
It’s worth noting that Equixly allows customers to generate scan reports, and MSSPs can white label these reports. As a reminder, white labeling means rebranding aspects of someone else’s software with the original owner’s permission. In this case, MSSPs can use their own branding on the scan reports.
Conclusion
Licensing and pricing are connected but different. This article discussed Equixly’s licensing and only touched on its pricing.
Equixly offers two licensing types matching the type of clients: Continuous Testing for regular organizations and MSSP for managed security service providers. Further, the two subtypes of Continuous Testing match the size of the customer organizations: Enterprise for large organizations and Standard for smaller (in relation to enterprise-level) ones.
Contact us to learn more about Equixly’s licensing and pricing, the benefits of automated API security testing, and Equixly’s mission. We’ll be delighted to help.