News, news analysis, and commentary on the latest trends in cybersecurity technology.
Wallarm Aims to Reduce the Harm From Compromised APIs
API Leak Management software discovers exposed API keys and other secrets, blocks their use, and monitors for abuse, the company says.
Just as pants are most likely to split along the seam, enterprise also risks holes opening up along the seam between systems: APIs. The scope of the potential problem is clear, with 78% of engineering teams managing upward of 250 API keys, tokens, or certificates. It makes sense that API leaks are becoming more common — with a reported rise of 681% in 2021 alone — as tech stacks get more complex and software supply chains grow longer.
To help organizations ward off these intrusions, API security company Wallarm recently added a feature called API Leak Management to its End-to-End API Security bundle. Now in early release, the solution will alert you when it detects a leak, allowing security staff to quickly revoke and block the leaked key through a unified interface.
The new capability automates detection, remediation, and control to protect API secrets. It continuously monitors public sources for leaked API keys and resources. If any are found, the software revokes the key and blocks requests that reference it across the client's entire presence. API Leak Management then continues to automatically monitor and block future attempts to use leaked secrets.
Numerous high-profile breaches in 2022 trace back to losing control of API keys and other secrets, including CircleCI, Twitter, and Optus. Such breaches cost companies an average of $1.2 million annually, which makes API security an imperative priority for enterprises.
Attackers commonly target API keys and secrets because they provide direct access to the data and infrastructure, according to Ivan Novikov, CEO and co-founder of Wallarm. "Our API Leak Management solution allows enterprise customers to automatically detect and block the use of leaked API keys, providing an additional layer of security for their data to reduce organizational risk," he said in a statement.
About the Author
You May Also Like
Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024