Google launches Advanced API Security to protect APIs from growing threats

2 min

110 shares, 170 points

Google today announced a preview of Advanced API Security, a new product headed to Google Cloud that’s designed to detect security threats as they relate to APIs. Built on Apigee, Google’s platform for API management, the company says that customers can request access starting today.

Short for “application programming interface,” APIs are documented connections between computers or between computer programs. API usage is on the rise, with one survey finding that more than 61.6% of developers relied on APIs more in 2021 than in 2020. But they’re also increasingly becoming the target of attacks. According to a 2018 report commissioned by cybersecurity vendor Imperva, two-thirds of organizations are exposing unsecured APIs to the public and partners.

Advanced API Security specializes in two tasks: identifying API misconfigurations and detecting bots. The service regularly assesses managed APIs and provides recommended actions when it detects configuration issues, and it uses preconfigured rules to provide a way to identify malicious bots within API traffic. Each rule represents a different type of unusual traffic from a single IP address; if an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot.

“Misconfigured APIs are one of the leading reasons for API security incidents. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process is time consuming and requires considerable resources,” Vikas Ananda, head of product at Google Cloud, said in a blog post shared with TechCrunch ahead of the announcement. “Advanced API Security makes it easier for API teams to identify API proxies that do not conform to security standards. . . . Additionally, Advanced API Security speeds up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code.”

With the launch of Advanced API Security, Google is evidently seeking to bolster its security offerings under Apigee, which it acquired in 2016 for over half a billion dollars. But the company is also responding to increased competition in the API security segment. Startups delivering API-focused cybersecurity products include Salt Security, Noname Security and Neosec. Many established vendors have expanded their offerings in recent years, too, including Barracuda, Akamai, 42Crunch, Traceable, Ping Identity and Signal Sciences.

In March, Cloudflare launched a new gateway aimed at boosting API security. And in May, Imperva acquired API security company CloudVector.

While the jury’s out on just how well these products perform comparatively, the threat of API-borne attacks is very real. Companies like Peloton, Parler and even LinkedIn have fallen victim to API-driven attacks within the last few months. They’re not the only ones. According to a recent study by Cloudentity, 44% of companies have experienced “substantial” API authorization issues pertaining to privacy, data leakage and object property exposure with internal and external-facing APIs.

Source: Tech Crunch

Like it? Share with your friends!

110 shares, 170 points

What's Your Reaction?

Cute Cute
Fun Fun
Hate Hate
Confused Confused
Fail Fail
Geeky Geeky
Love Love
Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Voting to make decisions or determine opinions
Formatted Text with Embeds and Visuals
The Classic Internet Listicles
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Upload your own images to make custom memes
Youtube, Vimeo or Vine Embeds
Soundcloud or Mixcloud Embeds
Photo or GIF
GIF format