Akamai brings together web application and API security
Akamai Technologies, Inc. this week launched a service that consolidates the process of securing web applications and application programming interfaces (APIs).
Amol Mathur, vice president of product management and strategy at Akamai, said that with the launch of App & API Protector, the managed security service provider is making it easier for IT teams to adopt DevSecOps best practices through Converged Web Application and Service API (WAAP). rather than using separate tools and services to secure them individually.
The service is also designed to continuously discover API requests which are then automatically inspected for malicious code. Optional API security controls can be applied based on policies defined by internal IT teams.
In addition, the company provides access to a multidimensional threat assessment model, called Adaptive, which combines the data Akamai collects with the data and metadata from every web and API request to help organizations better understand which threats require attention. immediate attention. Security events are also continuously analyzed using machine learning algorithms to provide very precise policy-by-policy tuning recommendations that can be implemented with just one click.
Akamai security researchers also use machine learning and data mining techniques to continuously analyze over 303TB of daily attack data which is used to automatically update protections. Companies can also choose to manually evaluate this data themselves to minimize the unintended impacts these updates could have on their applications.
Other features include built-in bot mitigation tools that are informed by a directory of over 1,500 known bots, integrations with Akamai Command Line Interface (CLI), Terraform, or scripts used to drive automated pipelines covering continuous integration / continuous delivery (CI / CD platform).
A recent report released by Akamai found that between January 2020 and June 2021, more than 11 billion attempted attacks in total were made over an 18-month period. The most common attack vector was SQL injection (SQLi) with 6 billion attacks, followed by local file inclusion (LFI) with 3.3 billion attacks and cross-site scripting (XSS ) with 1.019 billion attacks.
The report also found that credential stuffing attacks reached over a billion attacks and peaked between January 2021 and May 2021. Distributed Denial of Service (DDoS) attacks peaked from 90 in January 2021.
Akamai advocated for the outsourcing of web application security management and APIs through the content delivery network (CDN) it created. Its CDN provides an isolation layer between web applications and the rest of the business. The challenge that organizations now face on a regular basis is that, as they migrate to deploying cloud-native, microservice-based applications, the responsibility for security has become more decentralized. Security services provided by Akamai create an opportunity to better manage application security through a single window at a time when the focus is more than ever on securing software supply chains, said Mathur.
It is not clear to what extent organizations will rely more on managed security services as part of a larger effort to adopt DevSecOps best practices. However, in an age when application security expertise is hard to come by, it is becoming evident that in many cases relying on an external service provider to secure application environments is the easiest way. rapidly improve the overall security posture of any organization.