- Considering that API traffic grew 321% the previous year and API traffic increased by 681%, organizations must be prepared to diminish API-level threats to protect their data.
- The secret to addressing these threats is for security teams to document and discover APIs thoroughly.
Recently, cyber security provider Radware released the 2022 State of Application Program Interface (API) Security report, a study that accumulates input from security leaders from global organizations covering North America, EMEA, and APAC. The report discovered that enterprises have a false sense of security regarding their API security posture.
One of the most concerning findings of the study was the existence of a gap between the level of API documentation and the level of protection that organizations believe they have.
For example, while 92% of the surveyed believed they had sufficient protection for their APIs, 62% admitted that a third or more APIs are not documented.
This shows that many organizations are in denial about their actual API security posture, choosing to ignore the lack of transparency over a large number of undocumented APIs.
The need for API security
As more organizations operate in the cloud than ever, API security is critical to prevent data breaches and keep negative threat factors at bay. However, many organizations failed to make strategic alterations needed to secure their APIs.
Even leading companies like Parler, Peloton and even LinkedIn have fallen prey to high-profile API-driven attacks committed by cybercriminals who know that APIs are commonly neglected entry points to enterprise environments.
Considering that API traffic grew 321% the previous year and API traffic increased by 681%, organizations must be prepared to diminish API-level threats to protect their data.
Getting to grips with securing APIs
The secret to addressing these threats is for security teams to document and discover APIs thoroughly, as ignoring them can offer a source to an attacker with everything they need to breach the environment.
Chief operations officer and head of research and development at Radware, Gabi Malka, in the official announcement, said, “For many companies, there is unequivocally a false sense of security that they are adequately protected from cyberattacks. In reality, they have significant gaps in the protection around unknown and undocumented APIs”.
“API security is not a ‘trend’ that is going away. APIs are a fundamental component to most of the current technologies, and security must be a priority for every organization,” Malka said.
Malka highlighted that organizations often believe their API protection posture is better, which is wrong. This is because they make a false assumption, like believing API gateways and traditional WAFs protect their environment instead of onboarding dedicated API protection solutions with bot protection capabilities.
A look at the API security market
It is certain that many providers recognize the risk posed by API-driven threats and are in the process of developing their solutions to address these new threats.
Salt Security is a crucial player in this market, with the Salt API Protection platform that discovers APIs and exposed data, creating a catalog of APIs for security teams to monitor.
Recently, Salt Security announced that it had raised USD 140 million in funding as a part of a Series D funding session.
Yet another API security competitor is Wallarm, which offers an API-security platform designed to safeguard APIs in cloud-native environments, securing them against the API OWASP Top 10, offering bot mitigation, and automated API security testing. Wallarm recently announced raised eight million dollars as part of a Series A funding round in 2018.
As the market is further developing, enterprises will be able to distinguish between tools much like traditional vulnerability scanning tools; based on how effective they are at scanning and identifying vulnerabilities in exposed APIs.