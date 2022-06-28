



Google today announced a preview of Advanced API Security, a new product for Google Cloud designed to detect security threats related to APIs. Built on Google’s API management platform Apigee, the company says customers can request access today.

An abbreviation for “Application Programming Interface”, an API is a documented connection between computers or computer programs. API usage is increasing, and one study found that more than 61.6% of developers were dependent on APIs in 2021 rather than 2020. However, APIs are becoming more and more the target of attacks. According to a 2018 report commissioned by cybersecurity vendor Imperva, two-thirds of organizations expose unsecured APIs to the general public and partners.

Advanced API Security specializes in two tasks: identifying API misconfigurations and detecting bots. This service periodically evaluates managed APIs and provides recommended actions when it detects configuration issues. It also provides a way to identify malicious bots in API traffic using preconfigured rules. Each rule represents different types of anomalous traffic from a single IP address. If the API traffic pattern meets any of the rules, Advanced API Security reports it as a bot.

“API misconfigurations are one of the main reasons for API security incidents. Identifying and resolving API misconfigurations is a top priority for many organizations, but the configuration management process is time consuming and resource-intensive. It’s necessary, “said Vikas Ananda, Head of Product at Google Cloud. He said in a blog post shared with TechCrunch prior to the announcement. “Advanced API security makes it easy for API teams to identify API proxies that do not comply with security standards …. In addition, advanced API security identifies bots that have succeeded in HTTP 200 OK. Speeds up the process of identifying data breaches. Status response code. “

With the launch of Advanced API Security, Google seems to be looking to enhance its security products under Apigee, which it acquired in 2016 for more than $ 500 million. However, the company is also responding to intensifying competition in the API security segment. Startups that offer API-focused cybersecurity products include Salt Security, Noname Security, and Neosec. Many established vendors such as Barracuda, Akamai, 42Crunch, Traceable, Ping Identity and Signal Sciences have also expanded their offerings in recent years.

In March, Cloudflare launched a new gateway aimed at enhancing API security. And in May, Imperva acquired API security company CloudVector.

Jury trials are considering whether these products perform relatively well, but the threat of attacks via APIs is very real. Companies such as Peloton, Parler, and LinkedIn have been victims of API-driven attacks within the last few months. They are not the only ones. According to a recent survey by Cloudentity, 44% of companies are experiencing “substantial” API approval issues related to privacy, data breaches, and disclosure of object properties through internal and external APIs.

