RSA Showcases API Security


By: Mary Jander

A series of announcements at the RSA Conference 2022 in San Francisco this week spotlighted the need to secure the application programming interfaces (APIs) that link applications and data sources in cloud environments.

For instance, in a report showcased at the conference, the Cloud Security Alliance (CSA) listed “Insecure Interfaces and APIs” as the second of eleven “Top Threats to Cloud Computing” cited in a recent survey of 700 security professionals. Notably, API security is up from a rank of seven in a similar survey in 2019.

According to the report, the exposure of data by unsecured APIs is the chief business risk of poor API governance. The security gaps lie in missing or weak authentication of endpoints; unpatched systems; suspension of security controls in the development process; and design flaws and misconfigurations.

The CSA report’s results tally with those of a report authored by analyst firms the Aimpoint Group and W2 Research, along with industry group CISO Connect, in which a survey of 400 chief information security officers (CISOs) found that API security topped the list of IT vulnerabilities cited by 42% of those surveyed.

Vendors Seeing Uptick

The RSA Conference was a platform for vendors of API security solutions, including Cequence Security, a vendor specializing in discovery, tracking, risk analysis, and mitigation of API-based attacks. Cequence announced at the show the release of API Spyder, a tool that analyzes the attack surface of a customer’s APIs from the hacker’s perspective.

“APIs are a double-edged sword. On one edge APIs are the currency of business exchange driving innovation and commerce. On the other they are open doorways for attackers, often implemented without security oversight or baseline best practices and standards and are now the number one threat surface under attack,” said Ameya Talwalkar, co-founder and CEO of Cequence, in a statement.

Cequence also announced on June 7 that it’s seen substantial growth in the past year, as companies beef up their API security profiles in the wake of API breaches at Peloton, Clubhouse, Experian, and John Deere, to name a few. Cequence claims that 30% of its customers are paying over $1 million or are on track to do so over the next three years as a result of increased focus on API security. And 75% of Cequence customers are now paying over $100,000 – pointing to the increased value enterprises place on API security.

Another exhibitor at RSA, Noname Security, released version 3.0 of its API Security Platform, which includes a range of functions to help security teams manage APIs with a view to top security. And not to be outdone, competitor Salt Security was also on hand to boast of its platform winning an industry award. Notably, Salt Security also boasted of tech unicorn status after receiving $140 million in Series D funding in February 2022.

These announcements tally with other signs of industry momentum behind API security. In early May, two-year-old startup Traceable AI scored $60 million in Series B funding for its API security tracking solution. Even with the slowdown in tech funding, it’s likely we’ll see ongoing investor interest in API security startups as the need for protection increases.