A good API security strategy starts with a well-thought-out API security posture governance program that spans from design to deployment.
That standard, if communicated and enforced effectively, will positively affect not only how a developer designs and codes an API to comply with it, but also how an architect designs solutions and how appsec tests the API. In another example, consider a manufacturing company that mandates an API standard requiring that all external-facing APIs that deliver CAD design documents be served over an encrypted channel, be authenticated via JWT, and always be served by a particular API gateway behind a particular CDN. That policy would directly influence the behavior of the various lifecycle stakeholders, ensuring the production of a low-risk API product.
An effective API posture governance program should be able not only to author and set policies, but also to continuously assess whether APIs in use comply with corporate standards, best practices, and regulatory requirements.
API posture governance is foundational to behavioral threat protection.
An API posture governance program provides the foundation for a successful behavioral threat protection program by supplying it with the context-rich API intelligence needed to help distinguish between benign anomalies and malicious intent.
At Salt, we created the API security space and have analyzed trillions of API calls in the wild.
As the application world has shifted and transformed, and as API-first has accelerated, it is more apparent than ever that a well-executed, risk-reducing API security strategy must consist of a progressive journey that addresses both API posture governance and API behavioral threat protection.
We are thrilled to announce advancements in the Salt API Security Platform that help better guide our customers through that API risk reduction journey, ensuring secure API-driven success for their businesses.
Industry's first API posture governance engine - which helps organizations minimize risk on their API-first journey by letting them author corporate standards for API posture and assess compliance with those standards, along with industry best practices and regulatory requirements.
Unlike typical API security solutions that focus primarily on detection and mitigation of threats, Salt's platform introduces the first-ever engine dedicated to API posture governance.
The new functionality helps ensure that all API lifecycle stakeholders are in sync and security standards are followed as an API makes its way through its lifecycle.
New API filtering and querying capabilities - which provide context-rich API asset discovery and management, helping organizations mine more intelligence from their discovered API assets.
Enhanced behavioral threat response capabilities - which will give SecOps personnel the capability to more effectively prioritize, triage, and analyze API-related security events, and drastically reduce mean time to respond and resolve.
More API sprawl means more opportunity for threat actors targeting APIs.
This trend will continue in 2024, as evidenced by Salt Security's latest State of API Security Report, Q1 2023, which found a 400% increase in unique API attackers this last year, and by its State of API Security for Financial Services and Insurance Report, where 92% of respondents say they have experienced a significant security issue in production APIs over the past year, with nearly one out of five having suffered an API security breach.
The platform's enhanced integrations with application security testing platforms, data enrichment through its public API, and advanced outbound integrations are designed to ensure that API security is not a standalone effort but an integrated part of the broader security infrastructure.
This holistic approach to API security focuses on both internal asset management and external ecosystem integration.
All of these improvements help organizations more easily share and operationalize Salt's API asset and threat intelligence with existing security technology investments.
Enterprise onboarding and operationalization improvements - which reduce API risk quickly with minimal operational friction.
Contact us to learn more about these new capabilities and how the Salt Security API Protection Platform can help your organization realize short- and long-term API risk reduction and achieve secure API-driven success.
This Cyber News was published on securityboulevard.com. Publication date: Thu, 18 Jan 2024 20:43:04 +0000