SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Upwind adds API security to its cloud platform amidst rising threats
Fri, 15th Mar 2024

Upwind, a cloud security firm, has announced the addition of Application Programming Interface (API) security to its Cloud Security Platform. The firm states that this update makes it the only platform in the market with the ability to detect and respond to API threats in real-time at the runtime level. This advancement stands as a milestone against the backdrop of rising API use and related security incidents.

In the present digital era, companies typically design their systems using APIs to allow services to communicate with each other. Studies suggest that companies' use of APIs rose by more than 200% from July 2022 to July 2023. This rate could see a further surge due to rapid AI adoption. Gartner anticipates that over 80% of enterprises will have used generative AI APIs or deployed AI-enabled applications by 2026.

While API usage provides a plethora of benefits, it also inadvertently opens doors to security threats. According to Checkpoint, in January 2024, attempts to attack web APIs impacted one in five organisations worldwide every week. This represented a 20% increase compared to the same month in 2023, emphasising the growing security threats associated with API vulnerabilities. As more organisations heavily depend on APIs for digital operations, it is clear the need for strong and adaptive API security measures is at an all-time high.

Upwind uses rich data and workload behaviour context to effectively secure against API-based threats by integrating runtime workload protection and API security within a single platform. The new API Security solution dynamically catalogues and maps any organisation's APIs in real-time by analysing actual traffic. It uses eBPF to guarantee minimum performance overhead and offers unrivalled visibility, steering clear of cost-intensive traditional techniques like traffic mirroring and outdated static API definitions.

The new security features empower organisations to have visibility on their entire API catalogue, enabling them to identify attacks, test APIs for new vulnerabilities, continuously discover API requests from the internet and gauge the exposure level of each endpoint to the internet.

Furthermore, Upwind's new API security capabilities help organisations to analyse real-time API threats and focus on key vulnerabilities highlighted by OWASP (Open Worldwide Application Security Project) and other application security organisations for complete protection.

Amiram Shachar, the Co-Founder and CEO of Upwind, discussed how their innovation in API security provides comprehensive visibility into real-time threats, effectively positioning the firm at the forefront of API security solutions. With Gartner forecasting APIs to become the primary target for cyberattacks in the future, Upwind's approach empowers security teams to prioritise and address the most critical threats efficiently, optimising their resources and efforts for enhanced protection.

Shachar explained, "Upwind API security uses runtime insights to give full visibility into the threats that actually put our customers at risk. As Gartner is predicting APIs to be the most significant vector of attack in the coming years, it is crucial for security teams to know which threats are most critical. This allows them to best utilise their time and effort."