Entertainment
Google launches Advanced API Security to protect APIs from growing threats
Google today announced a preview of Advanced API Security, a new product headed to Google Cloud that’s designed to detect security threats as they relate to APIs. Built on Apigee, Google’s platform for API management, the company says that customers can request access starting today.
Short for “application programming interface,” APIs are documented connections between computers or between computer programs. API usage is on the rise, with one survey finding that more than 61.6% of developers relied on APIs more in 2021 than in 2020. But they’re also increasingly becoming the target of attacks. According to a 2018 report commissioned by cybersecurity vendor Imperva, two-thirds of organizations are exposing unsecured APIs to the public and partners.
Advanced API Security specializes in two tasks: identifying API misconfigurations and detecting bots. The service regularly assesses managed APIs and provides recommended actions when it detects configuration issues, and it uses preconfigured rules to provide a way to identify malicious bots within API traffic. Each rule represents a different type of unusual traffic from a single IP address; if an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot.
“Misconfigured APIs are one of the leading reasons for API security incidents. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process is time consuming and requires considerable resources,” Vikas Ananda, head of product at Google Cloud, said in a blog post shared with TechCrunch ahead of the announcement. “Advanced API Security makes it easier for API teams to identify API proxies that do not conform to security standards. . . . Additionally, Advanced API Security speeds up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code.”
With the launch of Advanced API Security, Google is evidently seeking to bolster its security offerings under Apigee, which it acquired in 2016 for over half a billion dollars. But the company is also responding to increased competition in the API security segment. Startups delivering API-focused cybersecurity products include Salt Security, Noname Security and Neosec. Many established vendors have expanded their offerings in recent years, too, including Barracuda, Akamai, 42Crunch, Traceable, Ping Identity and Signal Sciences.
In March, Cloudflare launched a new gateway aimed at boosting API security. And in May, Imperva acquired API security company CloudVector.
While the jury’s out on just how well these products perform comparatively, the threat of API-borne attacks is very real. Companies like Peloton, Parler and even LinkedIn have fallen victim to API-driven attacks within the last few months. They’re not the only ones. According to a recent study by Cloudentity, 44% of companies have experienced “substantial” API authorization issues pertaining to privacy, data leakage and object property exposure with internal and external-facing APIs.
-
Entertainment7 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment6 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment5 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment4 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment5 days ago
New teen video-viewing guidelines: What you should know
-
Entertainment4 days ago
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
-
Entertainment4 days ago
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
-
Entertainment3 days ago
‘Spellbound’ review: Netflix’s animated adventure finds its magic right at the end