Akamai Technologies announced the availability of API Security, a product that stops application programming interface (API) attacks and detects business logic abuse inside APIs. In addition, Akamai’s API Security discovers, audits and monitors API activity using behavioral analytics to rapidly respond to threats and abuse.
2022 was a record year for app and API attacks
API security has become a critical concern for organizations as API attacks continue to grow. A recent State of the Internet report by Akamai noted that 2022 was a record year for application and API attacks. Once an API has been authorized by a web application and API protection (WAAP) product, security teams have no visibility into its use within the organization. Malicious actors are aware of this blind spot and have shifted to abusing the vast API attack surface.
Akamai’s stand-alone API Security solution is a result of Akamai’s acquisition of Neosec, announced in April of this year. It works with any API gateway, WAAP or cloud implementation. Akamai customers can also take advantage of edge connector, an integration that saves the time, energy, and cost of product integration with the click of a button.
The API Security product provides complete visibility into API activity, uses behavioral analytics to detect complex threats and improves detections by analyzing historical data uniquely stored in a data lake. The offering delivers API discovery, visibility and risk auditing combined with detection and response capabilities that enable full investigation and threat hunting. With API Security’s differentiating Shadow Hunt threat hunting managed service, machine learning signals are delivered to human analysts for investigation. Users can see their APIs, which means they can ensure protection by recording API activity, detecting any possible breaches and keeping customer data safe.
Stan Lee, CISO of Earnin, a financial technology company said,
“Akamai’s API Security helps us with discovering and monitoring our critical APIs for all applications. It helps us to improve compliance and risk management while enabling business process agility and outcomes.”
Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai said,
“Recent breaches have painfully revealed the necessity of API security solutions. Preventing API-based attacks by guarding endpoints and checking credentials is no longer sufficient. Akamai’s API Security gives organizations the ability to monitor API behavior in any platform or gateway to ensure that business processes are running smoothly and securely.”
API Security complements Akamai’s existing App & API Protector (AAP) solution. Together, they deliver the most comprehensive global protection, combining enterprise-wide visibility, behavioral analysis of API activity and prevention of attacks and abuse. This joint strategy enables:
- Broader discovery to see APIs on and off the Akamai content delivery network
- Layered detections that are both signature-based and behavioral.
- Customized responses to block threats in-line or remediate issues.
- All of these protections benefit from easy deployment in one control center. Plus, they “check the box” on both OWASP Top 10 vulnerability lists and ensure access to API threat hunting expertise.