Salt Security: API security is a “now” problem in 2023

One of the attendees at the recent Salt Security API Summit was none other than Dr. Anton Chuvakin, Security Advisor in the Office of the CISO, Google Cloud. This event really brought together a who’s who of leading cybersecurity experts, including Joe Martinez, CSO at AON, Ed Amoroso, founder and CEO of TAG Cyber, Michael Sentonas, CTO at CrowdStrike, and Colin Williams, CTO at Computacenter.

Growing attack surfaces require growing awareness of the problem

For the thematic background, as companies continue to drive their digital innovation, the use of APIs is also on the rise. This almost automatically enables growing attack surfaces. Today’s API attacks are very different from those of the last ten to twenty years. Earlier attacks used a “known” gap that propagated as a single transaction. Devices could still be taught how to detect – and stop – these types of preset attacks. Signature-based, rules-based security approaches no longer work this way. Detecting API threats today requires a new approach.

Optus example

Key example: In the case of Australian telecommunications provider Optus, the security breach was due to the disclosure of an unauthenticated API on a test network. Another common vulnerability can be a simple configuration error that leaves an API vulnerable to attack once that error is discovered by an attacker.

Tackle API security now

API security is still a “now” issue in 2023. This is evidenced by the surge in funding for API security. With creative attackers, more attacks, a changing attack surface, and a greater number of APIs carrying the most critical data, 2023 may well be called the year of API security.

Dr. Chuvakin and other experts know what matters today

Dr. Chuvakin’s On Demand session – co-hosted with Michelle McLean, Vice President of Marketing – is an in-depth discussion on why API security has become a major “now” issue.

How API security is evolving
Selection criteria for API security platforms
The tie between API management and API security
What AppSec does and doesn’t do to protect APIs
A Fortune 500 CISO on building an API security strategy

For more information on the topic and a link to the Salt Security API Summit, click here.