Most Security Professionals Focus on API Vulnerabilities and Web API Traffic and have a Blind Spot to Activity within Internal or Authenticated B2B APIs
Neosec, the pioneer in discovering and identifying API threats using behavioral analytics with its API Detection and Response solution, today announced insights into a report it co-sponsored with Enterprise Management Associates (EMA) titled API Security: Debunking the Myths. The report indicates that there is a “remarkable disconnect between perception and reality” between today’s API security practices and the security challenges organizations actually face. In particular, most organizations lack the ability to discover and document all the APIs they currently have in use, leaving them with no way to protect those APIs. In addition, organizations are focused on external, consumer, internet-facing APIs and leave internal, authenticated B2B APIs unaddressed. The gap has created a false sense of security in what an organization believes about its API security posture.
The growth of APIs has created a new conduit for a different type of data breach, yet new research from EMA shows a big gap in understanding of how to solve the problem. A modern API security solution must be able to discover and document all APIs in use and monitor internal machine-to-machine APIs for misuse, combined with threat hunting abilities.
The study by EMA confirms that every organization (98.7% of respondents) exposes applications to the internet via APIs and 98.3% see an increase in API usage. APIs are full of sensitive data, with 80.8% of respondents saying this data was personally identifiable information.
Worryingly, every organization has documentation gaps, with 40.6% of respondents having less than half their known APIs documented. More concerning, over a quarter (25.3%) have no visibility into which applications are processing sensitive data, and 22.3% don’t know if their applications make sensitive data available to third parties. Visibility into API traffic is clearly a blind spot.
Reassuringly, 97.4% have a plan to protect the APIs, but over half (52.7%) will initiate a project to execute the plan this year, meaning that today APIs continue to be unprotected.
“The use of APIs is growing exponentially, but it seems that many think existing tools that were never built to protect APIs are going to be sufficient. The number of breaches involving APIs shows this assumption is wrong,” said Giora Engel, CEO and co-founder of Neosec. “Compiling a comprehensive inventory of your APIs and having visibility into the traffic within each API is becoming essential to protecting data and business processes from abuse and theft.”
More information:
- Download Report: API Security: Debunking the Myths
- Blog: Understanding The EMA Research Report on “API Security: Debunking the Myths”
- Learn about API Security Fundamentals