Google Cloud has announced a preview of Advanced API Security built on Apigee – an application programming interface management platform for detecting and fixing API misconfigurations and thwarting malicious bots.
APIs are used for the automated data flow that empowers digital experiences. healthcare and financial sectors also increasingly use APIs to share data between businesses and customers, making them more vulnerable to potential cyberattacks.
As businesses scale their capabilities and add functionality to their platforms they often pile on more numerous APIs and create a larger attack surface for malicious parties and open up more opportunities for misconfigurations and it’s difficult to keep up with manual updates with securities policies for a large number of APIs at scale.
The year 2021 was a big year for data breaches as per the report, up more than 68% over 2020. Data breaches led to the leaks of databases filled with usernames, passwords, emails, and sometimes addresses or other sensitive user information.
Apigee’s Advanced API Security product has two parts that give information technology teams a chance to get ahead of the curve and take mitigation actions before they become a problem.
The first is an API scanner that checks the current API configurations that don’t conform to security standards and allow the team to adhere to best practices and provides the security score of the APIs
The second part of the new product can detect malicious bots by examining API traffic and comparing it to pre-configured rules garnered from historical Apigee usage that provides users warning.
Bots are particularly common in the financial services sector thanks to the high-value data being processed. Even if bots are unable to break into a secured and well-built API, they can still slow down the interface with their probing. So having an early detection system for malicious attempts that can properly identify and block them and let good traffic through can provide a smoother experience for customers.
Apigee team will focus on its own security processes to address the most common pain points and mitigate misconfigured APIs and malicious bots, with more features planned in the future.
Documentation for the new Apigee Advanced API Security previewed by registering for the preview and then viewing it through Google’s developer portal.