Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
News, news analysis, and commentary on the latest trends in cybersecurity technology.
The investment in Salt Security underscores the fact that attacks targeting APIs are increasing.
2 Min Read
Source: KanawaTH via Adobe Stock Photo
The boom in mobile apps, cloud services, and Web applications have led to a worrying trend: Attackers are increasingly targeting the APIs that underpin them. Enterprises need tools in order to secure these data-rich connectors, and CrowdStrike's announcement that it is investing in Salt Security highlights the critical role API security plays in Web application security.
APIs – application programming interfaces – are ubiquitous in the modern enterprise. Consider the following:
A Web application displaying a map and location data relies on the Google Maps API.
An e-commerce application offering multiple payment options, such as the "Pay with PayPal" feature, is using an API.
Retailers use APIs to work with couriers and delivery companies to ensure package are picked up and delivered correctly.
Companies may send software via API. That's what Tesla does.
"APIs connect the critical data and services that drive today's digital innovation," said Roey Eliyahu, CEO and co-founder at Salt Security, in a statement.
Developers rely on APIs to connect their applications to multiple data sources and services in order to build new features and products without having to start from scratch. For example, not many organizations have the resources or data to maintain detailed maps, but they don't need to because Google Maps offers the information via an API. However, the fact that APIs have access to sensitive data and systems makes them vulnerable. If the API is somehow abused, that can expose the underlying data and result in a data breach.
A bug in the Peloton API allowed anyone to pull users’ private account data directly from Peloton’s servers, even if a user's profile was set to private. There was a similar situation involving a financial lending site, where a leaky Experian API allowed anyone to look up credit scores of someone else with only a name and mailing address.
"Enterprises are producing a massive number of APIs at a rate that far outpaces the maturity of network and application security practices," wrote Gartner analysts Jeremy D’Hoinne and Mark O’Neill in a recent "Gartner Predicts" report on API security. "Strong inventory and real-time discovery are both necessary to gain enough visibility into all APIs that the organization produces."
From a financial perspective, CrowdStrike's investment makes sense. The API security market is expected to grow 26.3% between 2022 and 2032, according to research from Future Market Insights earlier this month. Gartner estimates that API attacks will soon become the most-frequent attack vector for Web applications.
In addition to the investment, CrowdStrike says it plans to work with Salt Security on security testing to harden APIs and API discovery and runtime protection for applications.
About the Author(s)
You May Also Like
More Insights
Webinars
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024