Google today released a sneak peek of Advanced API Security, a new product coming into Google Cloud that’s designed to find security risks as they pertain to APIs. Based on Apigee Google’s platform for API management, Google says that users have the ability to access it from today.
The acronym stands for “application programming interface,” APIs are the official means of connecting PCs or computer software. API use is growing as evidenced by a study showing that over 61.6 percent of developers depended on APIs more than they did in 2020. However, they’re also becoming targets of hacks. According to a report that was commissioned by the cybersecurity company Imperva nearly two-thirds (65%) of businesses expose their APIs insecurely to the public and their partners.
Advanced API Security specializes in two areas that include finding API errors and identifying bots. The service continuously evaluates managed APIs and offers recommended actions when it spots configuration problems, and employs pre-configured rules in order to to detect malicious bots in API traffic. Each rule represents a specific kind of traffic that is unusual from one IP address If the API traffic pattern is in line with any of the criteria, Advanced API Security reports it as bots. Also Read
“Misconfigured APIs are among the most common causes of API security breaches. While identifying and fixing API configuration issues is a top priority for many companies but the process of managing the configuration takes a long time and demands substantial budgets,” Vikas Ananda, the head of product for Google Cloud, said in an article on the blog that was shared with TechCrunch in advance of the announcement. “Advanced API Security makes it easier for API teams to detect API proxy servers that do not comply with security standards. . . . In addition, Advanced API Security speeds identification of information breach vulnerabilities by finding bots that produced an “HTTP 200 OK successful response message.”
With the introduction of Advanced API Security, Google is clearly looking to expand its security products under Apigee the company it purchased during 2016 more than half one billion dollars. However, the company is reacting to the increased competitors with its offerings in the API security market. Companies that offer API-focused cybersecurity comprise Salt Security, Noname Security and Neosec. Numerous established companies have increased their offerings over the past few years as well, such as Barracuda, Akamai, 42Crunch, Traceable, Ping Identity and Signal Sciences.
Although the jury is still out on the way these apps compare, the risk of attacks triggered by APIs is real. Companies such as Peloton, Parler and LinkedIn have been victims of attacks that were triggered by APIs within the past few months. But they’re not the only ones. According to an earlier report by Cloudentity 44% of businesses have encountered “substantial” API authorization problems related to security, privacy, leakage of data, and property disclosure of objects with APIs that communicate with external APIs and internal APIs.