Leveraging Google Cloud Packet Traffic Mirroring with Salt to Detect API Security Threats
Hundreds of millions of application programming interfaces (APIs) power today’s digital economy, and that figure continues to expand at a relentless pace. While development teams deploy tools to help them conquer the complexity of managing their API inventory and increase their velocity, the resulting sprawl has created far greater concerns. APIs now represent the broadest and riskiest attack surface in the enterprise. Today we’re seeing APIs become a preferred attack vector for cybercriminals and hackers. A recent Salt Security survey showed that 94% of respondents have experienced security problems in production APIs within the past 12 months, and 20% have suffered a data breach resulting from these API security gaps.
Why? Traditional security approaches are not enough to detect and stop API attacks. To protect your business from being a victim of a successful API attack, you need a platform built from the ground up to automatically discover new and changed APIs, detect and stop attacks on APIs in the early stages, and fix vulnerabilities in new and running APIs.
The platform must take a full lifecycle approach to protect all of the APIs running in your environment — and do so without impacting performance or the user experience. Achieving this level of protection requires automation, powered by cloud-scale big data and highly trained artificial intelligence (AI). Humans — even deeply experienced security analysts — simply can’t analyze hundreds of attributes across millions of API calls to uncover the rich context needed to detect threats such as a multi-day credential stuffing attack.
That’s what differentiates the Salt Security API Protection Platform: its ability to collect, store, and analyze millions of attributes and correlate them over time to identify attackers during reconnaissance. Using the most mature AI and machine learning (ML) algorithms, extensively trained through years of exposure to thousands of environments, the Salt Security platform provides all the context needed to protect all of your APIs — even the ones you didn’t know you had.
Collecting the data needed to detect API threats with Google Packet Mirroring
Salt Security’s newest connector enables customers to seamlessly mirror their Google Cloud Virtual Private Cloud traffic to the Salt API context engine to detect threats and improve their API-related security posture. With this integration, customers can quickly begin collecting API traffic quickly and efficiently with no agents, no code changes, and no configuration. During the implementation process, Salt API experts will work with organizations to mirror the most relevant traffic to meet their specific use cases in a low-impact, resource-efficient, offline manner.
Continuously discover all of your APIs leveraging your Google Cloud Packet traffic
Maintaining a complete and current API inventory represents one of the biggest blind spots for cybersecurity teams today. Unless your company already has an advanced API security platform, you almost certainly have unknown or shadow APIs, zombie APIs (those thought to be deprecated but still in use), incorrectly documented or undocumented APIs, and APIs with unknown vulnerabilities such as exposing sensitive data. You can’t protect what you can’t see. The Salt Security platform automatically and continuously discovers all your internal, external, and third-party APIs, including shadow and zombie APIs.
Detect and block attacks on your APIs
Attackers are focused on finding and exploiting vulnerabilities in the business logic of your APIs. Because APIs are unique, attackers take days, weeks, or months to probe and understand how your APIs work and where they may have vulnerabilities. The Salt Security platform detects these low-and-slow attacks, uncovering the reconnaissance actions of bad actors early in their probing. With Salt, you can choose to manually or automatically block attackers using the inline devices you already have deployed. The robust integrations with the Google Cloud products you already leverage allow you to do this with fewer resources and effort.
Accelerate remediation and shift left
It’s not enough to find and block attackers exploiting a vulnerability in your API. You will also want to remediate the security gap in your APIs. The Salt Security platform lets you simulate runtime behavior and attacks as part of your CI/CD pipeline process, so you can bake security into your development cycle. The Salt platform also identifies vulnerabilities found only at runtime and provides clear remediation details dev teams can apply to harden existing APIs.
The Salt Security API Protection Platform is the industry-leading API security solution. If you’re interested in learning more, please contact us for a customized demo today.
Additional Resources:
https://salt.security/blog/how-to-protect-apis
https://salt.security/api-security-trends
https://salt.security/blog/owasp-api-security-top-10-explained