Cloud security vendor Akamai has announced the release of API Security, a product built to stop application programming interface (API) attacks and detect business logic abuse inside APIs. Akamai’s stand-alone API Security solution compliments its existing App & API Protector (AAP) solution, and is a result of the firm’s acquisition of API security company Neosec. It works with any API gateway, web application and API protection (WAAP), or cloud implementation. API Security provides visibility into API activity using behavioral analytics to detect threats, and it analyzes historical data uniquely stored in a data lake, Akamai said.
API growth triggering increasing attacks, security risks
APIs are used to access and query data as well as perform activities such as enrichment and data modifications as part of processes. This means the APIs themselves must be secured as well as the data that is flowing through them. Growing use of APIs gives attackers more ways to break authentication controls, exfiltrate data, or perform disruptive acts, while the traditional approaches to web application security often don’t apply to API security.
APIs made the headlines last year when 9.8 million Optus customers had personal information stolen and ransomed due to a publicly exposed API that did not require authentication. Meanwhile, Twitter, T-Mobile, and a law enforcement app all had API vulnerabilities that exposed data.
API attackers targeting financial services and insurance APIs have become increasingly active, with a 244% increase in unique attackers between the first and second halves of last year, according to the 2023 State of API Security for Financial Services and Insurance report from Salt Security. What’s more, 92% of financial/insurance respondents said they have experienced a significant security issue in production APIs over the past year, and nearly one out of five have suffered an API security breach. Meanwhile, 71% of respondents said their existing tools are not very effective in preventing API attacks.
Akamai API security solution features managed threat hunting service
Akamai’s new API Security offering delivers API discovery, visibility, and risk auditing combined with detection and response capabilities that enable full investigation and threat hunting, the firm said in a press release. It features Shadow Hunt, a managed threat hunting service that delivers machine learning signals to human analysts for investigation, Akamai said.
The combination of Akamai’s AAP solution and new API Security offering also gives customers:
