
How secure are your API’s?

Application programming interfaces (APIs) have become a must-have for many organisations, with enterprise developers relying heavily on them to support the delivery of new products. APIs allow programmers to integrate functionality from externally provided services instead of having to build those functions themselves.

While the interconnections offered by APIs have existed since the first programs were written, the landscape is changing, especially with the rapid growth of mobile applications. Even legacy applications have APIs written for them in order to extend their life cycle rather than making them redundant.

With the rise of APIs comes the potential for more security holes. Developers need to understand the whole API code base, not simply the part they need to integrate, because other sections could leak data to rogue applications operated by a bad actor. It is this lack of a full code review that is leading to data breaches and the bad press they bring, prompting boards to review how corporate and customer information is kept safe. Companies rely on their APIs to build applications that drive innovation and revenue, so there is no room for deployment delays.

The increasing regulatory focus on sensitive data leaks is impacting profitability, and the public is taking notice. Poor API design and security practices are often at the root of leaks of sensitive personally identifiable information (PII).

APIs are everywhere, and they exchange highly sensitive data constantly, making them a rich target for attackers. This explains the significant increase in attacks targeting APIs in recent years: attackers have moved beyond generic methods such as cross-site scripting (XSS) and SQL injection (SQLi) to focus on finding vulnerabilities unique to APIs.

Traditional solutions such as Web Application Firewalls (WAFs), which depend on signatures and known attack patterns, cannot detect or prevent these new attacks targeting the unique nature of APIs. Because they validate each transaction individually and cannot correlate activity over time, they cannot detect the reconnaissance behaviour of a bad actor probing for a business logic flaw in a company's APIs.
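As an added illustration of the correlation point above (example code written for this page, not a product or the consultancy's own tooling), the script below groups constructed API access-log lines per client and route and flags a client that walks through many distinct object ids, or collects mostly 401/403/404 responses, within one time window; the log format, thresholds and client addresses are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample access log: "<unix ts> <client> <method> <path> <status>".
SAMPLE_LOG = """\
1700000000 10.0.0.5 GET /api/v1/users/1001 200
1700000001 10.0.0.5 GET /api/v1/users/1002 403
1700000002 10.0.0.5 GET /api/v1/users/1003 403
1700000003 10.0.0.5 GET /api/v1/users/1004 403
1700000004 10.0.0.5 GET /api/v1/users/1005 403
1700000005 10.0.0.5 GET /api/v1/users/1006 200
1700000010 10.0.0.9 GET /api/v1/users/42 200
1700000011 10.0.0.9 GET /api/v1/orders 200
1700000030 10.0.0.9 GET /api/v1/users/42 200
"""
LINE_RE = re.compile(r"^(\d+) (\S+) (GET|POST|PUT|PATCH|DELETE) (\S+) (\d{3})$")

def route_template(path):
    """Collapse numeric path segments so /users/1001 and /users/1002 share a route."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)

def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip anything that is not a well-formed log line
            ts, client, method, path, status = m.groups()
            events.append((int(ts), client, method, path, int(status)))
    return events

def find_recon(events, window=60, min_distinct=5, min_error_ratio=0.5):
    """Flag a (client, route) whose requests in one sliding window touch many ids or are mostly 401/403/404."""
    by_key = defaultdict(list)
    for ts, client, method, path, status in events:
        by_key[(client, method, route_template(path))].append((ts, path, status))
    findings = []
    for (client, method, tmpl), reqs in by_key.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1  # slide the window forward so it spans at most `window` seconds
            win = reqs[start:end + 1]
            distinct = len({p for _, p, _ in win})
            errors = sum(1 for _, _, s in win if s in (401, 403, 404))
            if distinct >= min_distinct or (len(win) >= min_distinct and errors / len(win) >= min_error_ratio):
                findings.append({"client": client, "route": f"{method} {tmpl}",
                                 "requests": len(win), "distinct_ids": distinct, "errors": errors})
                break  # one finding per client/route is enough for triage
    return findings
```

A per-request check sees nothing wrong with any single line above; only the correlated view flags 10.0.0.5 walking through user ids while 10.0.0.9's ordinary traffic stays clean.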

APIs are incredibly powerful tools that can help an organisation advance its business goals and integrate better with customers, vendors, and business partners. However, in the face of constantly changing application development methods and pressure to innovate, some organisations have not fully grasped the risks of making their APIs available to the public. Regardless of how many APIs are shared publicly, the security considerations should never be forgotten. It is for the executives responsible for security and governance to ensure that development and network teams establish strong security policies upstream and manage them proactively, over time, for each development.


The Conundrum of Consolidation

What is the conundrum with consolidation?

The conundrum of individual components versus combined systems continues. Rather than reducing complexity, many businesses are managing multiple point products and incompatible dashboards, and struggling to integrate new systems with existing defences. This applies to businesses of all sizes but is especially hard for mid-size enterprises, where resources are stretched and the skills needed to truly understand the information being presented are simply not there.

Security Service Edge (SSE) is now emerging as a way to reduce complexity and improve detection and response in one integrated system. This approach relieves the pressure on IT teams by delivering security from a single cloud-based platform, which is vital for all businesses but especially those in the mid-sized arena.

The answer to the conundrum of consolidation…

An autonomous, integrated security platform has the capacity to tackle evolving threats right across an organisation's attack surface, around the clock and at speed. Operating a single platform means all your security functions can share relevant data in a single, transparent dashboard, improving the speed and accuracy of response and reporting, while helping to mitigate cross-channel attacks and eliminate complexity.

It also enables organisations to move away from the more expensive and time-consuming approach of running separate solutions in silos. Instead, it gives companies an integrated strategy that is simpler to use, easier to manage, and less dependent on manual intervention.

Crucially, a platform approach enables digital business, giving users the freedom to access the applications and data they need regardless of device or location, while giving the IT team visibility of threats and the tools to remove them, so their time is better used.

Not every organisation will have a specialist security person for every aspect of the cyber framework, so a single view of the critical aspects of a security-in-depth cyber plan is vital for every small to medium-sized company. The integrated approach presents, in a clear format, the real-world events that are happening, together with understandable options on how to defend against or mitigate the situation.