How big of a problem is API security? Simply put: It’s massive.
Globally, over $12.2 billion has been invested in cybersecurity companies so far this year. What's driving this frenetic pace of activity? The harsh reality is that security problems are complex and technology is always evolving. This digital transformation, as it is commonly known, is changing everything about how business is done today.
In the past, businesses built their own data centers that housed databases, web servers, and application servers and were protected by traditional security like firewalls and intrusion prevention systems. The security philosophy was to protect the perimeter or, more simply, to stop access to the data center.
Today, the perimeter is an archaic memory. Applications are now built in third-party clouds, using shared microservices from a partner located in a different private cloud, which access a database in yet another location. For many organizations, the notion of a data center and a perimeter no longer exists. The connective tissue that shares all the information between all these businesses and applications is Application Programming Interfaces (APIs) — and APIs are largely unprotected.
Digital transformation is underpinned by this new “API economy,” which has demonstrated how APIs positively affect an organization’s profitability. Any organization that has digitized its operations is likely using APIs to share and enrich data. Any time a consumer is using a mobile or web-based application, you can be sure that the application is using one, if not many, APIs in the transaction.
With such proliferation of APIs, it raises the question: what about API security? How big of a problem is API security? Simply put: It’s massive. Playfully, many have referred to the growth in APIs as the internet’s yellow brick road. The data shows that 83% of internet traffic is through APIs. But here’s the problem: traditional security tools were not built to detect APIs, let alone protect against the abuse and threats that lurk within them.
NeoSec is focused on the problem of preventing API abuse. Its AI-driven API security platform is a cloud-native SaaS service that discovers, and gives businesses visibility into, the APIs they use or make available to partners, suppliers, and other end users. But discovery of all APIs is only the beginning.
NeoSec’s behavioral analytics engine tracks how all these different groups interact with the business process made available through the API. This depth of analysis is a key differentiator. If the API carries a service like invoicing, NeoSec identifies anomalous behavior and allows you to know which partner or supplier is responsible for abusing your invoicing API.
This is a security product that doesn’t just understand the technical elements of API traffic; it also understands and protects the business logic. If someone is enumerating through hundreds of invoices, your business should be able to detect and understand the context of this use and determine if it is abusive.
Leading the NeoSec effort is founder and CEO Giora Engel, a cybersecurity veteran who invented XDR and previously founded LightCyber, which was acquired by Palo Alto Networks. His co-founder, Ziv Sivan, is also a two-time entrepreneur with an impressive background in managing large teams in the Israel Defense Forces.