Security News

All the things we have come to expect from a modern Internet service now depend on open computing and APIs. More recently, API usage has seen even greater exponential growth driven by several factors - the first of which is the ubiquitous mobile device.

The UK has decided to break with growing international consensus and insist its upcoming coronavirus contact-tracing app is run through centralised British servers - rather than follow the decentralized Apple-Google approach. Within the details over how it would work, the memo revealed the NHS and UK government reckon the contact-tracing protocols built by Apple and Google protect user privacy under advisement only.

Researching the wide range of API security alternatives can be confusing - even to seasoned experts. The target reader includes software developers who depend on and use APIs every day, as well as technical managers who might have responsibility for API security in their organization.

There has been an increasing number of high-volume attacks in Q1 2020, with 51 attacks over 50 Gbps. The average bandwidth of attacks also rose, reaching 5,0 Gbps versus 4,3 Gbps in the same quarter in 2019. Key findings Maximum bandwidth nearly doubles: In Q1 2020, the maximum bandwidth nearly doubled in comparison to the previous year; the biggest attack stopped was 406 Gbps. In Q1 2019 the maximum bandwidth peaked at 224 Gbps. Complex multi-vector attacks rising: The share of multi-vector attacks rose to 64% in Q1 2020 up from 47% in Q1 2019.

Research from Akamai recently found that up to 75 percent of all credential abuse attacks against the financial services industry in 2019 targeted APIs directly. "We talk about API attacks and the reason why criminals are using targeted methods against API because the traditional 'throw it and hope it sticks' against financial services just isn't cutting it anymore, they have to be more creative," Steve Ragan, security researcher with Akamai, told Threatpost.

APIs are exposing a lot of business logic to exploitation, says Shreyans Mehta, co-founder and CTO at Cequence Security, who offers insights on enhancing API security. "There is a lack of visibility in the way the APIs are being exposed." Mehta says.

FireMon announced at RSA Conference 2020 expanded capabilities for API integrations with ServiceNow, Cisco ACI and Swimlane to help customers improve network security visibility, control, and efficiency while maximizing the value of their investments in security and IT service management systems. The FireMon API provides security professionals unlimited flexibility to customize change management workflows, increase visibility across tools and infrastructures, and maximize resources and cost efficiencies.

At RSA Conference 2020, API security leader and creator of the industry's first API Firewall - 42Crunch - announced the launch of its new self-registration feature for their API Security Platform. 42Crunch has made this easy by creating a platform based around the industry standard OpenAPI Specification, and now opening it to the public with self-registration to continue their mission of providing the most comprehensive tools for implementing API security best practices.

At RSA Conference 2020, Wallarm released an expanded set of parsers, detection of API-specific vulnerabilities and API schema analysis for gRPC and GraphQL. With Wallarm context-specific protection is delivered both for externally-facing APIs and for service-to-service internal APIs for a true zero trust use case. "More than half of our customers are actively moving to the cloud-native stack. For them support for gRPC and GraphQL is not just a"nice-to-have", but a strong requirement for all the security solutions, including WAF and DAST. Wallarm is stepping up to provide just that.

Take your SOC to the next level of effectivenessOrganizations are turning to Breach and Attack Simulation integration with the SOC. BAS integration with SIEM and SOAR solutions enables SOC teams to continually evaluate the effectiveness of their security controls and improve the company's security posture with real-time, accurate metrics. SecOps teams face challenges in understanding how security tools workSecurity professionals are overconfident in their tools with 50% reporting that they have experienced a security breach because one or more of their security products was not working as expected, according to Keysight.