Google today announced a preview of Advanced API Security, a new offering from Google Cloud designed to detect API-related security threats. Based on Google’s API management platform, Apigee, customers can apply for access starting today, the company said. API, short for “Application Programming Interface”, is a file connection between computers or between computer programs.
The concept of APIs has been on the rise since its invention, with a survey finding that more than 61.6% of developers will rely on APIs more in 2021 than in 2020. But they are also increasingly being targeted. According to a 2018 report commissioned by cybersecurity vendor Imperva, two-thirds of organizations are exposing insecure APIs to the public and partners.
Advanced API Security specializes in two jobs: identifying API misconfigurations and detecting bots. The service periodically evaluates managed APIs and provides recommended actions when configuration issues are detected, and it also provides a way to identify malicious bots in API traffic using pre-configured rules. Each rule represents a different type of unusual traffic from an IP address; if an API traffic pattern matches any of the rules, Advanced API Security will report it as bot access.
“Misconfigured APIs are one of the leading causes of API security incidents. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process is time-consuming and resource-intensive,” said Google Cloud Product Lead Vikas Ananda said in a blog post shared with TechCrunch ahead of the announcement.
“Advanced API Security makes it easier for API teams to identify API proxies that do not meet security standards… In addition, Advanced API Security speeds up the process of identifying data breaches by identifying bots that successfully result in an HTTP 200 OK success status response code.”
With the introduction of Advanced API Security, Google is clearly looking to strengthen the security offerings under the Apigee umbrella, which it acquired in 2016 for more than $500 million. But the company is also dealing with growing competition in the API security space.
Startups offering API-focused cybersecurity products include Salt Security, Noname Security, and Neosec. A number of established vendors have also expanded their offerings in recent years, including Barracuda, Akamai, 42Crunch, Traceable, Ping Identity and Signal Sciences.
In March, Cloudflare launched a new gateway designed to improve API security. And in May, Imperva acquired API security company CloudVector. While the performance comparisons of these products are inconclusive, the threat of API attacks is real and growing. Companies like Peloton, Parler, and even LinkedIn have all fallen victim to API-driven attacks over the past few months.
They are not the only victims. According to a recent study by Cloudentity, 44% of companies experienced “substantial” API authorization issues related to privacy, data leakage, and object property exposure for both internal and external-facing APIs.
If you like our news and you want to be the first to get notifications of the latest news, then follow us on Twitter and Facebook page and join our Telegram channel. Also, you can follow us on Google News for regular updates.