Partner POV | Protect Every API Anywhere With API Security
In this article
This was written by Abigail Owed at Akamai.
As customers seek to secure their entire API estate in light of the 2.5x growth in web app and API attacks in the past year in the financial sector alone, we now offer Akamai API Security to extend more API protections to customers. API Security discovers, audits, and monitors all APIs and their activity using behavioral analytics to detect and respond to threats and abuse.
APIs connect applications and transfer data, powering the connections within an organization, between partners, and among businesses and customers. More APIs result in API sprawl, which creates a larger attack surface and increases the risk of data theft and business disruption.
The 2023 OWASP Top 10 API Security Risks categorizes the major vulnerabilities that are found and exploited in APIs. As attackers continue to use this vector for malicious activity, businesses have suffered from:
- Revenue loss
- Reputation damage
- Customer and employee personally identifiable information (PII) exposure
- Violation of compliance requirements
The good news is that protecting against these risks and closing security gaps is not complicated. With API Security, organizations can discover their APIs, record API activity, monitor that activity with behavioral analytics, and configure automated responses.
API Security discovers APIs, uses behavioral analytics to detect abnormal activity, and automatically responds to threats and abuse, which solves three major issues for businesses:
- Shadow APIs
- Vulnerable APIs
- API abuse
API Security moves beyond traditional API discovery to locate API endpoints that are authenticated but still exploitable as part of API sprawl, solving the first two problems:
Shadow APIs. You don't know how many APIs you have, and you don't have an inventory.
Vulnerable APIs. You don't know which APIs are vulnerable and need to be fixed, or which contain PII and are riskier if compromised.
Once API Security identifies all discovered APIs within an organization, it can start protecting them from the third problem, API abuse, by recording all activity from those APIs.
Impressively, this recording is so granular that every API call is documented and displayed in a convenient timeline for users. Once a baseline for normal and expected API activity is established, any abnormal API activity will trigger a high-fidelity alert.
Based on the type of alert, API Security enables a series of responses that security teams can take to investigate the issue, saving the time and headache of threat tracking.
If you're familiar with the API security market, you'll be interested in the unique aspects of this solution.
Better identify future threats. Historical API activity is stored in a data lake to develop a dataset that better identifies future threats. Instead of operating on single requests or short sequences of requests, API Security examines this historical API dataset, increasing the accuracy of the solution. Over time, the efficacy of detection models continually improves as more data is analyzed.
Get differentiated threat hunting. Investigations and threat hunting are differentiated capabilities available to all customers and are only possible because API Security is a data-rich solution that stores historical data.
Augment with human threat hunting expertise. For security teams without threat hunting or API experts, API Security's ShadowHunt managed services provide human threat hunting expertise to augment the analyses of potential threats to the organization. Analysts familiar with customer API estates hunt for threats lurking in your API dataset and provide explanations, alerts, reports, and threat updates.
Use one convenient interface. Get your delivery, web application and API protection (WAAP), and detection and response solutions all in one place with one interface. Closing gaps between technologies in your organization can help mitigate stress, time spent, and budget, and Akamai brings the best of WAAP and API security to your organization at the same time.
API Security complements our flagship WAAP offering, Akamai App & API Protector, which protects websites, applications, and APIs by blocking incoming malicious traffic in real time. Together, API Security and App & API Protector deliver the most comprehensive global protection, combining enterprise-wide visibility, behavioral analysis of API activity, and the prevention of attacks and abuse.