Is Continuous Discovery Needed to Detect Rogue APIs?

by ITECHNEWS
July 11, 2022
in Leading Stories, Opinion

A smart and scalable API security strategy has many factors. But even the most sophisticated API security approach needs a full and current API inventory. This might not sound difficult, particularly with mature API processes, governance, and documentation. But as with most aspects of security, planning for the unexpected is critical. In the case of APIs, this means implementing broad and continuous API discovery across your on-premises and cloud environments.

APIs are a moving target

One of the most challenging aspects of securing APIs is that APIs themselves – and the infrastructure foundation they sit on top of – seem to be constantly changing. Modern applications are deployed and changed daily through fast-moving DevOps processes. Meanwhile, IT infrastructure is continuously evolving as organizations shift to hybrid-cloud architectures and embrace new application deployment models like microservices.

Organizational adoption of principles like DevSecOps that make security integral to the application lifecycle might still result in overlooking APIs since they straddle the line between software development and security.

Meanwhile, API risk may differ significantly from one organization to the next — or based on the type of API. For example, many organizations place most of their emphasis on protecting north-south APIs that communicate with outside parties. But east-west APIs that expose more sensitive data and business workflows to internal users and systems may pose similar risks given the inevitability of infrastructure breaches and other factors like insider threats.

Even well-intentioned teams have process lapses

Development teams face daily trade-offs between perfect and fast, and APIs are not an exception. Even with mature and well-defined API practices, developers may occasionally implement workarounds to address an emergency fix or meet time-to-market pressure, with an intention to revisit and refactor later to bring into compliance. But these situations can easily slip through the cracks and be left unaddressed and undocumented.

Rogue APIs pose hidden risks

Many organizations are lulled into a false sense of security by sound API deployment and documentation practices, even as they have rogue APIs in their environments.

Rogue, sometimes called shadow, APIs aren’t typically created with malicious intent. But that doesn’t mean that a threat actor with malicious intent won’t try to exploit them. And because they are unknown to the security team, potentially lacking best API deployment practices, and operating outside the view of API security monitoring tools, attacks on rogue APIs may go undetected long enough to cause severe business impact.

Zombie APIs are another common pitfall

Zombie APIs are a close relative of shadow APIs and present many of the same risks. “Zombie” refers to APIs that may have served a purpose, but as applications are decommissioned, APIs that offer access to data and business logic might be overlooked. Like rogues, zombie APIs can fly under the radar of security teams and tools, and are as susceptible to abuse and exploitation.

Broad and continuous discovery yields good API hygiene

While it is always advisable to implement robust protections for business-critical, sanctioned APIs, broad and continuous API discovery must be included in your API security strategy.

Consider breadth. Even with basic monitoring in place for sanctioned APIs, it’s essential to augment this with inspection of all activity in your environments for signs of unexpected API activity. This may be accomplished with the capture and analysis of log and traffic data from sources such as:

  • API gateways
  • Content delivery networks
  • Cloud provider logs
  • Log management systems
  • Orchestration tools

Once you have this more complete picture, it’s also important to refresh it continuously. Continuous API discovery will future-proof your API risk posture against newly created rogue APIs. It will also spotlight zombie APIs created as your applications evolve or as new technology is introduced to your environments through mergers and acquisitions.
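The comparison described above, sketched as an added example (not code from the article or from any vendor): observed requests from an access log are normalized to route templates and checked against an API inventory. The inventory format, the "retired" status used to mark zombie candidates, the log layout and every path below are constructed assumptions.

```python
import re
from collections import Counter

# Constructed inventory (assumption): sanctioned routes with a lifecycle status.
INVENTORY = {
    ("GET", "/v1/orders/{id}"): "active",
    ("POST", "/v1/orders"): "active",
    ("GET", "/v1/legacy/export"): "retired",  # owning application was decommissioned
}

# Constructed access-log lines in a common gateway/CDN layout.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Jul/2022:10:00:01 +0000] "GET /v1/orders/1842 HTTP/1.1" 200 512
10.0.0.5 - - [11/Jul/2022:10:00:02 +0000] "POST /v1/orders HTTP/1.1" 201 64
10.0.0.9 - - [11/Jul/2022:10:00:03 +0000] "GET /v1/legacy/export?fmt=csv HTTP/1.1" 200 90211
10.0.0.7 - - [11/Jul/2022:10:00:04 +0000] "GET /internal/debug/users/77 HTTP/1.1" 200 4096
10.0.0.7 - - [11/Jul/2022:10:00:05 +0000] "GET /internal/debug/users/78 HTTP/1.1" 200 4101
10.0.0.8 - - [11/Jul/2022:10:00:06 +0000] "GET /v1/orders/9f1c2d3e-aaaa-4bbb-8ccc-1234567890ab HTTP/1.1" 200 498
10.0.0.6 - - [11/Jul/2022:10:00:07 +0000] "GET /no/such/path HTTP/1.1" 404 0
health check line that is not a request
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")

def normalize(target):
    """Drop the query string and collapse numeric or UUID segments to {id}."""
    path = target.split("?", 1)[0]
    return "/".join("{id}" if ID_SEGMENT.match(p) else p for p in path.split("/"))

def discover(log_text, inventory):
    """Return (rogue, zombie) Counters keyed by (method, route template)."""
    rogue, zombie = Counter(), Counter()
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m or m["status"] == "404":
            continue  # not a request, or no handler answered: no evidence of an API
        key = (m["method"], normalize(m["target"]))
        status = inventory.get(key)
        if status is None:
            rogue[key] += 1      # served traffic on a route nobody documented
        elif status == "retired":
            zombie[key] += 1     # documented as decommissioned, still answering
    return rogue, zombie

if __name__ == "__main__":
    for label, hits in zip(("ROGUE", "ZOMBIE"), discover(SAMPLE_LOG, INVENTORY)):
        for (method, route), n in hits.most_common():
            print(f"{label:6} {method} {route} hits={n}")
```

Running the same comparison on a schedule over each log source, rather than once, is what makes the discovery continuous.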

Put a spotlight on your rogue and zombie APIs today

While implementing a broad and continuous API discovery capability may seem like a complex and time-consuming proposition, it doesn’t have to be. We’ve created a 100 percent SaaS-based approach to API discovery and protection that you can have up and running in minutes.

Source: Eric Wolff
Via: Security Boulevard