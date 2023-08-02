Americas

Akamai unveils API Security solution to stop API attacks, detect abuse

The solution works with any API gateway, WAAP, or cloud implementation and features a managed threat hunting service.

shutterstock 1850095465 internet API application programming interface
Credit: Photon photo

Cloud security vendor Akamai has announced the release of API Security, a product built to stop application programming interface (API) attacks and detect business logic abuse inside APIs. Akamai's stand-alone API Security solution compliments its existing App & API Protector (AAP) solution, and is a result of the firm's acquisition of API security company Neosec. It works with any API gateway, web application and API protection (WAAP), or cloud implementation. API Security provides visibility into API activity using behavioral analytics to detect threats, and it analyzes historical data uniquely stored in a data lake, Akamai said.

API growth triggering increasing attacks, security risks

APIs are used to access and query data as well as perform activities such as enrichment and data modifications as part of processes. This means the APIs themselves must be secured as well as the data that is flowing through them. Growing use of APIs gives attackers more ways to break authentication controls, exfiltrate data, or perform disruptive acts, while the traditional approaches to web application security often don't apply to API security.

APIs made the headlines last year when 9.8 million Optus customers had personal information stolen and ransomed due to a publicly exposed API that did not require authentication. Meanwhile, Twitter, T-Mobile, and a law enforcement app all had API vulnerabilities that exposed data.

API attackers targeting financial services and insurance APIs have become increasingly active, with a 244% increase in unique attackers between the first and second halves of last year, according to the 2023 State of API Security for Financial Services and Insurance report from Salt Security. What's more, 92% of financial/insurance respondents said they have experienced a significant security issue in production APIs over the past year, and nearly one out of five have suffered an API security breach. Meanwhile, 71% of respondents said their existing tools are not very effective in preventing API attacks.

Akamai API security solution features managed threat hunting service

Akamai's new API Security offering delivers API discovery, visibility, and risk auditing combined with detection and response capabilities that enable full investigation and threat hunting, the firm said in a press release. It features Shadow Hunt, a managed threat hunting service that delivers machine learning signals to human analysts for investigation, Akamai said.

The combination of Akamai's AAP solution and new API Security offering also gives customers:

  • Broader discovery to see APIs on and off the Akamai content delivery network
  • Layered detections that are both signature-based and behavioral
  • Customized responses to block threats in-line or remediate issues
  • Easy deployment in one control center
  • Alignment with OWASP Top 10 vulnerability lists

Akamai customers can also take advantage of edge connector, an integration that helps save the time, energy, and cost of product integration, the firm said.

Michael Hill is the UK editor of CSO Online. He has spent the past 8 years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

