Most Security Professionals Focus on API Vulnerabilities and Web API Traffic and have a Blind Spot to Activity within Internal or Authenticated B2B APIs
PALO ALTO, Calif., March 28, 2023 -- Neosec, the pioneer in discovering and identifying API threats using behavioral analytics with its API Detection and Response solution, today announced insights into a report it co-sponsored with Enterprise Management Associates (EMA) entitled, API Security: Debunking the Myths. The report indicates that there is a “remarkable disconnect between perception and reality” in today’s API security practices versus the reality of security challenges. In particular, most organizations lack the ability to discover and document all APIs they currently have in use, leaving them with no way to protect them. In addition, organizations are focused on external, consumer, internet-facing APIs and leave internal, authenticated B2B APIs unaddressed. The gap has created a false sense of security in what an organization believes about their API security posture.
The study by EMA confirms that every organization (98.7% of respondents) exposes applications to the internet via APIs and 98.3% see an increase in API usage. APIs are full of sensitive data, with 80.8% of respondents saying this data was personally identifiable information.
Worryingly, every organization has documentation gaps, with 40.6% of respondents having less than half their known APIs documented. More concerning, over a quarter (25.3%) have no visibility into which applications are processing sensitive data, and 22.3% don’t know if their applications make sensitive data available to third parties. Visibility into API traffic is clearly a blindspot.
Reassuringly, 97.4% have a plan to protect the APIs, but over half (52.7%) will initiate a project to execute the plan this year, meaning that today APIs continue to be unprotected.
“The use of APIs is growing exponentially, but it seems that many think existing tools, that were never built to protect APIs, are going to be sufficient. The amount of breaches involving APIs shows this assumption is wrong”, said Giora Engel, CEO and co-founder of Neosec. “Compiling a comprehensive inventory of your APIs and having visibility into the traffic within each API is becoming essential to protecting data and business processes from abuse and theft.”
More information:
- Download Report: API Security: Debunking the Myths
- Blog: Understanding the EMA research report on ‘API Security: Debunking the Myths’
- Learn about API Security Fundamentals
About Neosec
Neosec is reinventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel. To learn more, visit Neosec.com.
