Defining Good: A Strategic Approach to API Risk Reduction

A good API security strategy starts with a well-thought-out API security posture governance program that spans from design to deployment.
That standard, if communicated and enforced effectively, will not only positively affect how a developer designs and codes an API to comply with it, but also how an architect designs solutions and how appsec tests the API. In another example, consider a manufacturing company that mandates an API standard requiring that all external-facing APIs that deliver CAD design documents use an encrypted channel, be authenticated via JWT, and always be served by a particular API gateway behind a particular CDN. That policy would directly impact and influence the behaviors of the various lifecycle stakeholders, ensuring the production of a low-risk API product.
An effective API posture governance program should not only be able to author and set policies, but should also be able to continuously assess whether APIs in use comply with corporate standards, best practices, and regulatory requirements.
API posture governance is foundational to behavioral threat protection.
An API posture governance program provides the foundation for a successful behavioral threat protection program by supplying it with the context-rich API intelligence needed to help distinguish between benign anomalies and malicious intent.
At Salt, we created the API security space and have analyzed trillions of API calls in the wild.
As the application world has shifted and transformed, and as API-first has accelerated, it is more apparent than ever that a well-executed, risk-reducing API security strategy must consist of a progressive journey that addresses both API posture governance and API behavioral threat protection.
We are thrilled to announce advancements in the Salt API Security Platform that help better guide our customers through that API risk reduction journey, ensuring secure API-driven success for their businesses.
Industry's first API posture governance engine - helps organizations minimize risk on their API-first journey by giving them the ability to author corporate standards for API posture and assess compliance with those standards, along with industry best practices and regulatory requirements.
Unlike typical API security solutions that focus primarily on detection and mitigation of threats, Salt's platform introduces the first-ever engine dedicated to API posture governance.
The new functionality helps ensure that all API lifecycle stakeholders are in sync and security standards are followed as an API makes its way through its lifecycle.
New API filtering and querying capabilities - provide context-rich API asset discovery and management, helping organizations mine more intelligence from their discovered API assets.
Enhanced behavioral threat response capabilities - give SecOps personnel the capability to more effectively prioritize, triage, and analyze API-related security events, and drastically reduce mean time to respond and resolve.
More API sprawl means more opportunity for threat actors targeting APIs.
This trend will continue in 2024, as evidenced by Salt Security's latest State of API Security Report, Q1 2023, which found a 400% increase in unique API attackers this last year, and its State of API Security for Financial Services and Insurance Report, where 92% of respondents say they have experienced a significant security issue in production APIs over the past year, with nearly one out of five having suffered an API security breach.
The platform's enhanced integrations with application security testing platforms, data enrichment through its public API, and advanced outbound integrations are designed to ensure that API security is not a standalone effort but an integrated part of the broader security infrastructure.
This holistic approach to API security focuses on both internal asset management and external ecosystem integration.
All of these improvements help organizations more easily share and operationalize Salt's API asset and threat intelligence with existing security technology investments.
Enterprise onboarding and operationalization improvements - reduce API risk quickly with minimal operational friction.
Contact us to learn more about these new capabilities and how the Salt Security API Protection Platform can help your organization realize short- and long-term API risk reduction and achieve secure API-driven success.


This Cyber News was published on securityboulevard.com. Publication date: Thu, 18 Jan 2024 20:43:04 +0000

