Enterprises are starting to catch on to the massive security risk that the pervasive use of application programming interfaces (APIs) can create, but many still need to get up to speed.
Poorly secured APIs have been recognized as an issue for years. Data breaches of T-Mobile and Facebook discovered in 2018, for instance, both stemmed from API flaws.
But API security has now come even more to the forefront with enterprises across all industries in the process of turning into digital businesses — a shift that necessitates lots and lots of APIs. The software serves as an intermediary between different applications, allowing apps and websites to access more data and gain greater functionality.
The implication of APIs in high-profile hacks such as the SolarWinds attack is also spurring more companies to pay attention to the issue of API security — though many still have yet to take action, says Gartner’s Peter Firstbrook.
“In most organizations, when I ask them who’s responsible for API security, there are blank stares around the table,” he said at the Gartner Security & Risk Management Summit — America’s virtual conference this week.
That needs to change, said Firstbrook, a vice president and analyst at the research firm. API security vendor Salt Security reported that its customer base saw a 348% increase in API-based attacks over the course of the first six months of 2021.
“APIs are an increasing attack point,” Firstbrook said. “The internet runs on APIs. There’s a huge need for API security.”
About Neosec
Neosec is reinventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel. To learn more, visit Neosec.com.
