Black Hat 2022 Recap: API Security and Data Security Top the List
The Black Hat Conference for 2022 has concluded and, once again, there was no shortage of emerging security technologies, informative sessions, and broader concerns surrounding APIs, data security, the software supply chain and code security. The conference was also rife with insights about recent ransomware attacks and new indicators of compromise that organizations are now contending with. One of the growing entry points in the industry is APIs.
API Security
API security was a huge theme at Black Hat this year. The industry has seen a huge uptick in data exfiltration attempts and overall data security incidents via API, compared to prior years. Organizations across multiple industries have either experienced an actual data breach via API, or an attempt to compromise their APIs for fraudulent activities or exfiltrating sensitive data.
One of the biggest and most consistent concerns we heard from our visitors is that most security leaders still have little or no knowledge of what APIs are in their environment. They often had many different tools to manage their application security but, in some cases, not one solution in place to identify and secure their APIs. As we all know, the two are different, and appsec tooling does not cover APIs. In addition, given that most sensitive data is transmitted via API, it is a scary reality that so many large organizations that handle sensitive consumer data don’t have a solution in place to protect APIs.
Data Security
Data security and API security go hand-in-hand. This is still a somewhat new concept in the security industry, but it’s quickly taking hold. API abuse and fraud have become the top data security issue across multiple industries. Even Gartner acknowledged this topic, years ago, in one of their predictions – that API abuse will be the most common type of attack seen in 2022. And here we are.
Traceable’s Exciting Announcements
Traceable announced enhanced API Protection capabilities for our API security platform. This was in direct response to the industry epidemic of threat actors abusing APIs to carry out large-scale attacks against organizations. We are painfully aware of how APIs are the new weapon of choice for cyber attacks, and there is no evidence of those attack methods slowing down anytime soon. These enhanced data security capabilities address the fundamental business and financial risks, and operational downtime often associated with API data breaches.
In terms of features and capabilities, this release includes the following:
- Track volumes of sensitive data traversing between APIs over time
- Users can establish a baseline of API sequences and user behavior to detect fraudulent activities.
- Categorize users accessing data through APIs (e.g., partners, data owners, threat actors, and more)
- Create customizable data sets for enhanced data protection and compliance capabilities
- Enhanced detection accuracy is also available with various sensors including geolocation, Tor, Botnet, proxy, and malicious bots (e.g., scraper, spam, botnet).
- Additional capabilities include the ability to correlate with increases in account takeover or excessive login attempts.
- Detection of fraud for materially significant data (e.g., gift cards, loyalty points, free credits, and much more).
Another exciting announcement came from our friends at ArmorCode, “ArmorCode Adds Traceable AI Integration, Improving Application Security Posture From Code to Cloud”. With the integration, ArmorCode is now able to leverage Traceable’s deep API discovery capabilities for their customers.
The press release quotes both Upendra Mardikar, Chief Security Officer of Snap Finance, and Jyoti Bansal, Traceable’s CEO and Co-founder.
"Agile DevOps, Cloud Deployment, Microservices, API adoption, and Open Source have all dramatically accelerated application delivery and application risk posture. ArmorCode's platform provides us with a unified visibility into applications, microservices, and automates complex DevSecOps workflows. Traceable AI solves for us one of the biggest problems security teams face, which is distinguishing between valid and malicious use of an application's APIs. The ArmorCode and Traceable AI combination helps us do this at a fraction of the cost and time," said Upendra Mardikar, Chief Security Officer of Snap Finance.
"The broad use of APIs in cloud-native applications has greatly expanded the attack surface for enterprises. Traceable monitors end-to-end application activity, from the user and session all the way through the application code. Traceable's integration with ArmorCode simplifies AppSec and Development teams' workflows, removing friction between these teams to further accelerate the delivery of secure APIs," said Jyoti Bansal, CEO and Co-founder of Traceable AI.
Start Your API Security Journey Today
With the API threat landscape increasing in scope and sophistication, we are thrilled to continue delivering API security solutions to address your growing challenges. We encourage you to request a demo to get the full experience of how Traceable can address your API security needs.
Multiple Options to Get Started
Depending on your role and the needs at your organization, we offer multiple options to get started with Traceable AI:
- If you’re a CISO or DevSecOps security leader and want to evaluate your API security risks, try our API Security Posture Assessment.
- To start your journey, sign up for our Free Tier and learn all about your APIs — internal, external, third-party, and even the shadow or rogue APIs you may not even be aware of.
- If you want to compare different API security solutions in the market, check out our API Security Tools comparison guide.
- You can also view a demo or book a meeting to learn more and ask your questions on how Traceable can meet your API security requirements.