Apidays London 2024 - Securing APIs, Beyond the Basics with Advanced Security Practices, Karanvir Attwal

Transcript

1. © 2024 Akamai | Confidential 1 Securing APIs Karanvir Attwal

   API Security Specialist Beyond the basics with Advanced Security Practices

2. © 2024 Akamai | Confidential 2

3. © 2024 Akamai | Confidential 3 Existing application security solutions

   not built for evolution of API attacks 31% of web traffic is APIs 1 Akamai State of the Internet Report 2 Akamai threat researchers have identified that 31% of all traffic protected by Akamai is API traffic More APIs deployed every day More API traffic More API attacks Why API Security is Needed Today 30% of all web attacks targeted APIs in 2023

4. © 2024 Akamai | Confidential 4 Broad product capabilities: Flexible

   deployment, integrations, runtime protection, API testing, etc. API Attacks Are Not An If, But When In the last 12 months, 24 of 70 major data breaches stemmed from API vulnerabilities, impacting 15 different industries.

5. © 2024 Akamai | Confidential 5 Order Coffee Order a

   Car Check the Weather Check in for a flight Use Maps Log in to Social Media APIs are Everywhere Open Internet, Employees, Suppliers, Partners, IoT Massive Attack Surface 31% of all traffic protected by Akamai is API traffic

6. © 2024 Akamai | Confidential 6 API and Web Services

   Protect the client app from compromise Desktops Business Partners Multicloud Application and Data Services API and Web Security • Threat Prot • Bot Prot • Privacy • PCI DSS IoT Devices Internet Defend the applications from unavailability Protect the applications from OWASP, bot, and API attacks Defend APIs from attacks within the perimeter Defend applications against abuse and sensitive data exposure Today’s App and API Landscape

7. © 2024 Akamai | Confidential 7 API and Web Services

   API and Web Security • Threat Prot • Bot Prot • Privacy • PCI DSS AAP protects the “front door” of the application and APIs API Security provides deep visibility and intelligence to what’s occurring inside the application environment Today’s App and API Landscape NEW

8. © 2024 Akamai | Confidential 8 APIs are different They

   require a different approach Unlike web apps, when you expose an API to the internet, it is open for direct calls and subsequent abuse

9. © 2024 Akamai | Confidential 9 © Noname Security. All

   rights reserved. 9 How m any APIs do you have?

10. © 2024 Akamai | Confidential 10 © Noname Security. All

    rights reserved. 10 What type of data is being transm itted?

11. © 2024 Akamai | Confidential 11 API asset inventory, change

    detection, network mapping, reconnaissance. Discovery Configuration control, vulnerability management, remediation prioritization. Posture Management Detection and prevention of attackers and suspicious behavior in real time. Runtime Protection Secure APIs in dev to stop vulnerabilities before production. Testing Complete API Security at any stage of your API Lifecycle The API Security Pillars

12. © 2024 Akamai | Confidential 12 Understand your API ecosystem

    like never before The API Security Pillars • API inventory • Network mapping • Change detection • Reconnaissance Discovery Posture Management Runtime Protection Testing

13. © 2024 Akamai | Confidential 13 Protect what you know

    The API Security Pillars • Proactive monitoring • Configuration control • Severity classification • Remediation Discovery Posture Management Runtime Protection Testing

14. © 2024 Akamai | Confidential 14 Protect what you know

    The API Security Pillars • Real-time detection • Behavior analysis • Detect data exposure • Prevention integrations Discovery Posture Management Runtime Protection Testing Detection and prevention of attackers and suspicious behavior in real time .

15. © 2024 Akamai | Confidential 15 Protect what you know

    The API Security Pillars • CI/CD Integration • Shift left • Reduce risk exposure • Vulnerability labs Discovery Posture Management Runtime Protection Testing Secure APIs in dev to stop vulnerabilities before production.

16. © 2024 Akamai | Confidential 16 Ecosystem Development Platforms Network

    and Cloud Workflow Integrations API Gateway

17. © 2024 Akamai | Confidential 17 • Deploy Noname globally

    at scale in any combination of SaaS, hybrid, or on -premises (including a hardened virtual appliance for public-sector organizations) • Enable local control with global visibility with Remote Engines • Easily comply with multiple regulatory requirements, regional policies, and technical directives Flexible Deployment Options Noname secures your APIs wherever and however you need Noname Hosted Hybrid Customer Hosted

18. © 2024 Akamai | Confidential 18 Summary • Know what

    you have! Build a complete inventory and API catalogue to ensure full control over your API estate • Analyze traffic from all types of environments and enjoy more flexibility • Test APIs and find vulnerabilities during the development cycle to avoid introducing risk into production environments • Leverage out of the box integrations with the existing security stack to accelerate remediation activities • Flexibility around deploying the solution to meet your Data Sovereignty and Governance needs.

19. © 2024 Akamai | Confidential 19 Thank you!

20. © 2024 Akamai | Confidential 20