Edge computing architecture aims to be open and programmable. Application programming interfaces (APIs) are part of that infrastructure and, as such, their security is paramount when considering larger edge applications.
Now, new data from API security firm Salt suggests global attacks against API-based infrastructures have increased by 681% over the last 12 months, hampering innovation for two-thirds of the surveyed organizations.
According to Salt, the figures are an indicator of the fact that reliance on traditional security and API management tools like web application firewalls (WAFs) and API gateways has left many organizations with a false sense of security.
In fact, 95% of respondents said they had experienced an API security incident in the last year, of which 55% were relying on alerts from gateways and 37% were using WAFs to identify attackers shows the gap in capabilities.
“APIs present an attractive attack vector, despite organizations’ best efforts to validate APIs before releasing them into production,” explained Michael Isbitski from Salt.
“Given the inability of traditional security and API management platforms to protect against sophisticated attacks that target the unique business logic of APIs, it’s no surprise that attackers continue to be successful, keeping enterprises at risk,” he noted
The research also sheds some light on the top concerns about API strategies, most of which are security-related.
In this regard, 22% of respondents mentioned insufficient investment in pre-production security as their top concern, followed by 18% saying they were concerned that the program doesn’t adequately address runtime or production security.
When asked about the capabilities of API security platforms, almost half of them (42%) cited stopping API attacks as the most important. A substantial 41% also highlighted the identification of which APIs expose personal identifiable information (PII) and sensitive data.
“We’re seeing API attacks accelerating significantly year over year. Even more concerning, the pace of growth in API usage and attacks continues to outpace enterprise readiness and defenses,” said Salt CEO Roey Eliyahu.
“Organizations must invest the time and effort to understand the API attack landscape and the critical capabilities needed to protect their most vital assets.”
One of the companies specializing in APIs for edge applications is Ericsson, which recently released its Edge Exposure Server platform.
API | DDoS | DevOps | edge API | firewall | market research | Salt Security | security | WAF