SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Akamai enables security teams to rapidly respond to API threats
Thu, 10th Aug 2023

Akamai Technologies has announced the availability of API Security, a product designed to stop application programming interface (API) attacks and detects business logic abuse inside APIs.

In addition, Akamai's API Security discovers, audits and monitors API activity using behavioral analytics to rapidly respond to threats and abuse.

API security has become a critical concern for organisations as API attacks continue to grow, the company states. A recent State of the Internet report by Akamai noted that 2022 was a record year for application and API attacks.

Once an API has been authorised by a web application and API protection (WAAP) product, security teams have no visibility into its use within the organisation. Malicious actors are aware of this blind spot and have shifted to abusing the vast API attack surface.

Akamai's stand-alone API Security solution is a result of Akamai's acquisition of Neosec, announced in April of this year. It works with any API gateway, WAAP or cloud implementation.

Akamai customers can also take advantage of edge connector, the first of its kind easy-button integration that saves the time, energy, and cost of product integration with the click of a button.

The API Security product provides complete visibility into API activity, uses behavioral analytics to detect complex threats and improves detections by analysing historical data uniquely stored in a data lake. The offering delivers API discovery, visibility and risk auditing combined with detection and response capabilities that enable full investigation and threat hunting.

With API Securitys differentiating Shadow Hunt threat hunting managed service, machine learning signals are delivered to human analysts for investigation. Users can see their APIs, which means they can ensure protection by recording API activity, detecting any possible breaches and keeping customer data safe.

Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai, says, "Recent breaches have painfully revealed the necessity of API security solutions. Preventing API-based attacks by guarding endpoints and checking credentials is no longer sufficient. Akamai's API Security gives organisations the ability to monitor API behavior in any platform or gateway to ensure that business processes are running smoothly and securely."

Forrester Research recently noted the importance of API security in light of recent attacks. API security is the hot app-sec tool of 2023. APIs made front-page news in 2022 when 9.8 million Optus customers had personal information stolen and ransomed due to a publicly exposed API that did not require authentication.

Optus wasnt the only one: Twitter, T-Mobile, and a law enforcement app all had API vulnerabilities that exposed data. As a positive, global security decision-makers reported that API security adoption rose from 2020 to 2022 and shows no signs of slowing. 

API Security complements Akamai's existing App & API Protector (AAP) solution. Together, they deliver the most comprehensive global protection, combining enterprise-wide visibility, behavioral analysis of API activity and prevention of attacks and abuse. This joint strategy enables:

  • Broader discovery to see APIs on and off the Akamai content delivery network.
  • Layered detections that are both signature-based and behavioral.
  • Customised responses to block threats in-line or remediate issues.

All of these protections benefit from deployment in one control centre, the company states. Plus, they check the box on both OWASP Top 10 vulnerability lists and ensure access to API threat hunting expertise.