Imperva launches API security solution as threats rise
Imperva launched Imperva API Security with continuous API discovery and data classification. The product is deployed in any environment to provide data visibility and protection in legacy and cloud-native applications.
As a service offering, it can be enabled by Imperva Cloud Web Application Firewall (WAF) customers or deployed standalone to gain visibility into all API traffic.
Imperva API Security provides protection for application programming interfaces (APIs) in development environments that often lack adequate security controls and are vulnerable to malicious or inadvertent exposure.
According to Gartner, “By 2024, API abuse and related data breaches will nearly double,” predict Mark O’Neil and Shameen Pillai, in the May 2021 report, “The 10 Things Engineering Leaders software should know about APIs”.
The volume of APIs is multiplying as organizations accelerate digital transformation and adopt modern approaches to application development. The proportion of web traffic originating from APIs increased by 30% in 2022, compared to the same period last year, according to an analysis of WAF cloud traffic by Imperva Research Labs.
As the volume of API traffic increases, it becomes a greater threat to an organization’s sensitive data. Motivated attackers will increasingly target APIs as a route to the underlying infrastructure and database, Imperva says.
Imperva API Security enables rapid and secure development by providing continuous visibility and protection for all APIs. The product mitigates the risk of data breaches and data leaks by discovering phantom APIs and suggesting corrective actions to software developers and security administrators.
According to the company, key benefits of Imperva API Security include:
- Identify and classify data flowing through any API: API protection should be a direct extension of an organization’s strategy for securing sensitive data. Imperva API Security automatically discovers the full schema of each API while identifying and classifying the data that passes through it.
- Continuous discovery of APIs and schema changes: After activation, REST APIs are quickly discovered to help build a positive security model. API inventories are automatically updated, helping the security team keep pace with developers who frequently change APIs in production.
- Flexible deployment model: Imperva API Security works in legacy, hybrid, and cloud-native environments including: Kubernetes, legacy monolithic applications, standalone microservices, web proxies, or API gateways that integrate with other existing infrastructure . The flexible deployment model provides protection for public and backend APIs in a single solution without slowing down development teams.
- Enable API Governance: Gain visibility beyond the API endpoint and into the underlying payload of each API. This background will help business leaders in highly regulated industries apply a governance model and stop a possible data breach.
Imperva’s General Manager of Application Security, Karl Triebes, said, “Organizations need a new approach to protecting APIs as attacks grow in number and become more sophisticated.
“It’s not enough to know how many APIs you have in your environment. With a focus on protecting the underlying data, Imperva API Security is designed to help security and development teams work cooperatively without change the code or slow down the development life cycle.”
Imperva API Security is a product designed to benefit security and development teams. As a core component of the Imperva Web Application & API Protection Platform, customers can protect critical applications and infrastructure against online fraud, DDoS attacks and API abuse, the company says.
Chris Rodriguez, director of cybersecurity product research at IDC, said, “API security management is one of the top business risks facing enterprises today as they accelerate the pace of development. of software. API protection should be considered an essential dimension of a strong data security strategy.
“API security tools must discover and classify every API in production and out of production. Organizations must act quickly because APIs will be the source of more data breaches in the years to come.”