The last few years have seen a meteoric rise in the adoption of APIs and the microservices that leverage them to power digital transformation projects and integration. Businesses leveraging the incredible potential of a new generation of straightforward, open, and flexible APIs to speed up the execution of critical business plans are reaping huge rewards in the marketplace. Since almost any program may now access even the most complicated apps and data sets, APIs represent a significant advancement in connectivity. However, this innovation comes with significant risk, as security concerns are the #1 barrier to these digital transformation projects, and for good reason. Security teams need to be aware of how their attack surfaces and architectures are changing, and API adoption changes their security profile substantially. Consequently, security teams must be mindful of these new and changing attack surfaces that expose backend systems and data to the outside world, often to a larger degree than their user interfaces. And the adoption is massive; APIs are already responsible for over 91% of internet traffic. Security teams should not expect their current process or tools to be suitable to deal with these changes, as they were never designed for the distributed attack surfaces these architectural changes expose.
Even with these concerns, continued adoption of APIs is inevitable. APIs are easy to work with, and provide greatly enhanced access to technology resources, bringing value and danger to private and public sector entities. As a result, attacks through APIs are rising, and the industry is trying to tackle them with innovative approaches. Enter Wib, a leader in the API security domain and the only firm extending a solution for the whole API development lifecycle. Wib has carved a niche among its peers with its expertise in both attacking and securing APIs. Wib helps clients secure their enterprises by providing constant visibility into API attack surfaces. As a result, the enterprise extends a unique focus toward eliminating blindspots and understanding the effect of APIs on the risk factor. APIs are already exposing more attack surfaces than user interfaces. Gartner has been predicting for YEARs that APIs would become the #1 attack vector in 2022, and API traffic is already 91% of Internet traffic. But, the industry still somehow considers API security a ‘’niche’’ space instead of what it is – Modern Web Security.
The FBI was recently subjected to an API attack. Its Infragard program fell victim to a combined attack that comprised API data exfiltration and social engineering. Because of the episode, vast amounts of data, including tens of thousands of defender information, were left on the open market. Wib extends a unique approach toward securing APIs. The approach is strengthened by their expertise and understanding of the root causes of the issue troubling API security. “Wib is 100% focused on helping our customers get their arms around their API ecosystem so they can manage their risks. Our goal is to enable them with as close to 100% visibility into their API ecosystem as possible, closing any blind spots their current security or DevSecOps teams may have today. Providing this type of support is certainly helping us establish trust and credibility with our prospects and customers, and ultimately helping them succeed in mitigating threats and protecting their business for the long haul”, adds Chuck Herrin, CTO of Wib. Wib aggressively tests API attack surfaces using some of the best API hackers. Further, continuous assessment of deviations and changes in traffic patterns is a critical part of ongoing monitoring, as changes from normal traffic are often the best indicator of an attack or potential breach. Recently, a large bank contacted Wib. The task was to assess the API security. Wib’s offensive testing team chained logic-based attacks that went straight through the firewall. Wib was also able to identify some flaws that remained undiscovered until then. “We showed them how to fix the code and business logic they were exposing, as well as to put monitoring in place to detect similar attacks in the future,” adds Herrin.
The plans revolve around expansion into other regions. The demand for API security is now a specific aspect transcending part and industry. The enterprise is planning to achieve the target through direct sales. The other area of focus will be substantial investment in critical partnerships.