Gravitee, the API management platform, launched Federated API Management, which provides a single pane of governance for companies leveraging multiple API gateways and event brokers. Enterprises are often managing tens of thousands of APIs – with different teams each using their own API gateway of choice – creating the problem of API sprawl that until today made it impossible to have governable API security, visibility, and management.

“We built federated API management because we know that various teams across a given organization leverage myriad tools to manage their APIs,” said Rory Blundell, CEO of Gravitee. “Even if a team isn’t using Gravitee as their API Gateway, they can still take advantage of having a central source of truth for visibility, subscription control, governance, and more.”

Federated API Management enables organizations to centrally manage, secure, and publish all of their APIs – no matter what API Gateways and event brokers are being used across the organization. With Gravitee, API and Platform teams can now use a single solution to discover all APIs across the organization, import those APIs into a single subscription control and management layer, and then publish them all in a unified Developer Portal for self-service discovery, documentation, and subscription. This “multi-gateway” approach is a key pillar of modern API Management.

The Three Pillars of Modern API Management (APIM)

1 – Multi-Gateway and Multi-Broker: API Management, as a practice, must support the ability for API publishers to manage, secure, and govern APIs and services from multiple different API Gateways and event brokers.

2 – Event-Native: API Management must treat event streams and event APIs as first-class citizens on par with synchronous APIs, as more and more organizations introduce event streaming. This will enable teams to get more ROI out of their initial investment in streaming.

3 – AI-forward: API Management vendors must find ways to both (1) improve their API Management offerings through AI and (2) better enable organizations to leverage AI as a force-multiplier.

“Federation enables us to feed everybody: our customers, our developers, our support people, our partners – there’s a single pane of glass and a single point of entry,” said Melvin Stephen, VP of Product Development at Blue Yonder. “It doesn’t matter what the API is implemented on and this is going to be a huge advantage.”

Gravitee continues to be acknowledged with industry recognition. The company was the sole vendor positioned in the Customers’ Choice Quadrant in the 2024 Gartner Peer Insights ‘Voice of the Customer’ for API Management Report with a ‘willingness to recommend’ score of 100%¹ — the highest of all vendors recognized in the report. Gravitee was also named as a Visionary in Gartner’s Magic Quadrant for API Management Report.

The company is demonstrating Federated API Management at their flagship event Gravitee Edge 2024. Edge is a premier 3-day virtual conference covering a range of topics related to modern API management, and is free and open to the public. Keynote speakers include Emily Pfeiffer, Principal Analyst at Forrester; Matt Houser, VP of Global Engineering at Tealium; and Mathieu Croissant, Head of API Strategies at Roche.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Gravitee Launches Federated API Management first appeared on AI-Tech Park.

Salt Security, the leading API security company, today unveiled the findings from the Salt Labs State of API Security Report, 2024. The research, which analyzed survey responses from 250 IT and security professionals, combined with anonymized empirical data from Salt customers, highlights a lack of API security maturity and posture governance across organizations, leading to a rise in API security incidents and attack traffic.

The research found that almost all (95%) survey respondents experienced security problems in production APIs, with 23% suffering breaches as a result of API security inadequacies. The volume of APIs within organizations is also accelerating, with Salt customer data showing a 167% increase in API counts over the past 12 months, and nearly two-thirds (66%) of survey respondents indicating that they are managing more than 100 APIs. With increased API usage, comes an expanded API attack surface putting malicious activity on the rise.

The 2024 report also highlights the ongoing lack of API security maturity. Only 7.5% of organizations consider their API security programs to be ‘advanced’ and alarmingly, over one-third (37%) of the respondents, who have APIs running in production, do not have an active API security strategy in place. Despite this, nearly half (46%) of respondents stated that API security is a c-level discussion within their organization.

According to the research, API posture governance strategies, which provide a structured framework for managing and securing the entire API ecosystem from design to deployment, also remain a relatively new phenomenon. Only 10% of organizations currently have an API posture governance strategy in place. However, realizing its critical importance, almost half (47%) plan to implement such a strategy within the next 12 months. By deploying and implementing a robust API posture governance engine, organizations can gain complete visibility into their API landscape, eliminate blind spots, and establish corporate-wide security standards and regulations across their entire API ecosystem.

“The volume of APIs within organizations are showing no sign of decline, and security teams are struggling to keep pace with the sheer breadth and depth of modern API ecosystems,” said Roey Eliyahu, co-founder and CEO, Salt Security. “As illustrated by the findings of our research, attackers are continuing to take advantage of this, leveraging weak spots within APIs to execute malicious attacks and gain access to company and customer data. With bad actors constantly refining their tactics to discreetly launch API attacks, often through legitimate means, it requires organizations to take a more sophisticated approach to securing APIs. One that encompasses strong API discovery capabilities, a posture governance strategy, and the ability to quickly and efficiently detect active threats and malicious API traffic.”

Additional key findings from the 2024 State of API Security Report include:

The threat of API attacks is growing
The research revealed that API security incidents are on the rise.

• API security incidents more than doubled within the past 12 months, with 37% of respondents experiencing an incident, compared to just 17% in 2023.
• Salt Labs analysis of customer data found that attackers are using a diverse range of tactics, with a significant portion bypassing authentication protocols. Almost two-thirds (61%) of attacks are unauthenticated.
• Internal APIs are also vulnerable, with 13% of attack attempts explicitly targeting them.

Zombie APIs remain a top concern amongst respondents
Respondents expressed high levels of concern about the potential risks associated with “Zombie” APIs -the outdated, forgotten APIs within ecosystems.

• An alarming 70% highlight Zombie APIs as a great or strong concern, up from 54% in 2023.
• Account takeover and denial of service top the second and third concern, respectively.

API discovery remains a challenge
API discovery was highlighted as an ongoing hurdle for many organizations.

• Only 58% of organizations have processes in place to discover APIs across their infrastructure.
• Less than 15% of respondents are very confident that they understand which APIs expose personal identifiable information (PII).

Traditional methods are insufficient for protecting against modern attacks

• Only 21% of respondents believe that their current API security approaches are effective in protecting against API attacks, signaling issues with existing methods.
• API gateways (54%), analyzing log files (45%) and web application firewalls (WAFs) (42%) are the most common tools organizations are leveraging to detect and prevent malicious API activity but remain insufficient and lack user confidence.

API updates take place more frequently and organizations struggle to keep pace with documentation
The rapid change of APIs, combined with the increasing use of AI-generated APIs, has rendered traditional documentation methods obsolete.

• Over a third of organizations update their APIs at least once a week (38%), and a significant portion (13%) make daily updates.
• Only 12% of respondents feel very confident in the accuracy of their API inventory, highlighting a widespread lack of trust in security posture.

Attackers are following OWASP Top 10
A large percentage of API attacks target well-known security weaknesses outlined in the OWASP API Security Top 10 list.

• 80% of attack attempts leverage one or more of the Top 10 methods outlined on the list.
• Despite this established knowledge base, only 58% of organizations prioritize protection against the API threats outlined by OWASP.

The State of API Security Report, 2024, was compiled by researchers from Salt Labs, the research division of Salt Security, utilizing survey data from nearly 250 respondents across a range of job responsibilities, industries, and company sizes, globally. 20% of respondents were executive-level security or IT leaders, and another 18% within platform or DevOps teams. Technology and financial services companies—widely viewed as the forefront of API usage —comprised 37% of respondents. Companies large and small were evenly represented. The report also includes real-world API attack attempt data from the Salt Security API Protection Platform. This customer data is anonymized, aggregated, and then analyzed by Salt’s researchers to identify critical trends that can help educate the broader security industry.

To download a copy of the full report, please visit: https://content.salt.security/state-api-report.html

A comprehensive blog exploring the findings also be found here: https://salt.security/blog/increasing-api-traffic-proliferating-attack-activity-and-lack-of-maturity-key-findings-from-salt-securitys-2024-state-of-api-security-report

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post 95% Report API Security Issues Due to Increased API Usage first appeared on AI-Tech Park.

Cequence, a pioneer in API security and bot management, today announced a new partnership with Singularity Tech, a leading Australia-based professional services company providing unparalleled expertise in APIs and DevOps. This collaboration delivers a comprehensive solution that empowers organisations to conquer challenges associated with leveraging an ever-increasing number of applications to drive our organisations forward. Handling API sprawl, navigating compliance complexities, and seamlessly bridging the gap between critical security needs and available technical resources is no small feat.

Today, many organisations lack awareness of the interconnectedness between API security and overall cybersecurity risks. This knowledge gap exposes them to vulnerabilities from uncontrolled APIs and hinders regulatory compliance, especially for highly regulated fields such as critical infrastructure. According to the Annual Cyber Threat Report from the Australian Signals Directorate, Australia saw a 50% increase in cyber security incidents related to critical infrastructure in 2023.

Today’s partnership brings together Singularity’s unmatched expertise and Cequence’s industry-leading Unified API Protection (UAP) platform empowering clients to confidently navigate the complexities of API discovery, risk assessment, governance, and threat protection. The new partnership enables clients to leverage market-leading tools, industry experts, and rigorous processes for reliable delivery of a complete and continuous API lifecycle management solution. The six stages of the Continuous API Protection lifecycle that every organisation should adopt to securely protect their APIs are:

1) Discovery: Continuous evaluation of an organisation’s API attack surface and discovering unknown or shadow APIs implemented without security oversight.

2) Inventory: Compilation of Discovered endpoints, and both managed and unmanaged APIs, providing security teams and analysts with a single cohesive view of their enterprise’s API Inventory.

3) Compliance: Ensure that your APIs are compliant with the organisation’s security policy and industry best practices that include data governance, access control, API specification conformance, and visibility into where your API map relative to the OWASP API Security Top 10.

4) Detection: Detect real-time API threats that target applications without the need for mobile SDK, JavaScript, or app instrumentation, allowing new APIs to be onboarded within minutes rather than days or weeks.

5) Prevention: Provide real-time inline prevention and mitigation of API attacks that target mission-critical applications.

6) Testing: Evaluate APIs for conformance, risks, and sensitive data exposure before pushing to production.

“Cequence is laser-focused on empowering organisations with the most robust API security solutions, and this partnership with Singularity perfectly aligns with our mission,” said Glen Maloney, ANZ Country Lead at Cequence. “This partnership is more critical than ever for the Australian market, where a defined critical infrastructure landscape and stricter compliance requirements necessitate a targeted approach.”

API Security Redefined: Unified API Protection

Cequence’s UAP platform provides comprehensive discovery of the entire API attack surface, encompassing both external and internal APIs. It ensures compliance with security and governance best practices, eliminating unknown and unmitigated API security risks. The solution offers native real-time inline protection, blocking API attacks before they reach applications.

Cequence Security’s UAP platform is unparalleled in addressing all phases of the API protection lifecycle. It provides:

• Discovery: A continuous API attack surface discovery management product that assesses your application footprint, offering a complete inventory of external APIs.
• Compliance: A security posture management product that identifies security risks in APIs, ensuring compliance with specifications, security test requirements, and governance best practices.
• Protection: Detects and prevents sophisticated automated API attacks and business logic abuse using advanced machine learning rules, providing real-time protection without relying on third-party components.

“Our collaboration with Cequence fills a crucial void in the API security landscape,” said Nick Blyth, Managing Director at Singularity Tech. “Often, security and delivery teams operate in silos. By combining Singularity’s focus on technology implementation with Cequence’s best-in-class API security solutions, we provide a unified approach that empowers clients to navigate the complexities of API security, cybersecurity and compliance effectively.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Cequence and Singularity announced new Strategic Partnership first appeared on AI-Tech Park.

Sensedia, a global leader in API and integration solutions, today announced the launch of Sensedia AI Copilot, a groundbreaking AI assistant designed to facilitate all steps of API Management, Governance and Application Integrations.

The solution embeds over 17 years of Sensedia’s expertise in designing API strategies and best practices. Sensedia AI Copilot can be tuned to understand each customer’s business context and combine API Management and Governance best practices to suggest improvements, design APIs from scratch, detect security flaws and increase documentation accuracy. The solution can assess APIs published across multiple Gateways, ensuring comprehensive API management.

Unveiled at the APIX 2024 global customer conference, AI Copilot supports customers in aligning their API and integration strategies with business goals, transforming digital channels and integrated ecosystems.

“Sensedia’s AI Copilot leverages what generative AI does best — best practice assistance for developers and platform engineers to elevate API design through customized journeys, but more than that, the solution will impact every step of their API Journey. This solution leverages years of API design experience to deliver a simple, custom and ethically human-driven AI API experience to improve how businesses innovate,” says Lisa Arthur, Sensedia’s US Director and Global CMO.

How it works

Sensedia AI Copilot simplifies the entire API creation journey – from planning and design to implementation, testing and validation, documentation, deployment and management steps – and can now be navigated with simplicity, speed, and intuition with the assistance of artificial intelligence.

By applying years of industry best practices, the AI assistant enhances productivity and outcomes, resulting in robust and effective APIs that are easy to customize, adjust, publish and govern.

Users can securely upload their data to create custom APIs, with the AI suggesting journeys and access points aligned with market best practices for ease of use and security. The solution then generates APIs automatically, ready for customization and integration with Sensedia’s API Manager, allowing for flexible documentation management and automated contract creation.

“Sensedia AI Copilot is developed with a clear focus on assuring responsible AI. Our practices follow strict ethical guidelines to ensure transparency, equity and safety. We maintain human supervision at all critical stages of the process to avoid errors and ensure quality,” explains Kleber Bacili, CEO of Sensedia.

Bacili also points out other key capabilities for designing and creating APIs aligned with each company’s strategies. “Another significant differentiator of the solution is the secure uploading of documents into private databases. This new capability allows users to customize APIs to best support their business, strategy and planning processes. Sensedia customers will also see an improved response process as all captured data is authenticated and encrypted for the ultimate in security and risk mitigation.”

The Gartner® “Hype Cycle for Artificial Intelligence, 2023” shows that “AI engineering enables organizations to establish and grow high-value portfolios of AI solutions. Most AI development is currently limited by significant operational bottlenecks. With AI engineering methods — DataOps, ModelOps and DevOps — it is possible to deploy models into production in a structured, repeatable factory-model framework to realize significant value.”

Proven benefits

Sensedia customer uisa, one of the largest biorefineries in Brazil, successfully tested Sensedia AI Copilot, demonstrating several advantages. The solution accelerated uisa’s development process for creating and launching APIs. Sensedia AI Copilot simplified adherence to industry best practices, resulting in more robust and efficient APIs, reduced human errors and automation of repetitive processes, easier customizing and adjusting journeys and endpoints, and easier integration with Sensedia’s API Manager (complete API management platform).

According to Rodrigo Gonçalves, Technology and Innovation Director at uisa, Sensedia AI Copilot is not just an API creation tool; it generates business. “The solution helps us simplify our development and creation processes. Creating an API can be done by everyone. In other words, we are democratizing, putting more governance in the processes.”

Gonçalves adds that, with the solution, uisa’s technology team has more time to think about the business. “Something that used to take five or six days can now be completed in an hour or two hours, saving time. Putting intelligence into our processes offers enormous savings and efficiency for the company.”

Sensedia AI Copilot is a tool for increasing efficiency in delivering results, commented Gonçalves, “Here at uisa, our board is not only focused on technology and innovation but also on efficiency and increasing the company’s profitability. Sensedia AI Copilot frees up human resources to think about operational efficiency points and automates a usually complicated process. The solution simplifies business transformation.”

Next steps

Sensedia looks forward to further enhancing Sensedia AI Copilot’s functionalities and user experience through self-learning. The product can adopt the latest improvements, providing more accurate and contextualized predictions and suggestions in line with the continuous evolution of AI models.

“Sensedia AI Copilot does not replace human work but complements it by automating repetitive and error-prone tasks and allowing developers and architects to focus on the more strategic and creative aspects of the API Management and Governance initiatives. Using the solution enhances the user experience and adds value for the business,” Bacili highlights.

Gartner, Hype Cycle for Artificial Intelligence, 2023, By Afraz Jaffri, 19 July 2023.
GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Sensedia Launches AI Copilot to Accelerate and Enhance API Development first appeared on AI-Tech Park.

Check Point Software Technologies Ltd. (NASDAQ: CHKP), a leading AI-powered, cloud-delivered cyber security platform provider, reinforces its Web Application Firewall with the powerful API Discovery feature, aimed at strengthening organizations’ cloud assets. This innovative tool, combined with its cloud native prevention first capabilities, has positioned Check Point as a leading performer in GigaOm’s latest Radar for Application and API Security.

Amidst mounting concerns regarding cloud security, Check Point continues to focus on preventing cyber threats and safeguarding digital assets through a prominent Cloud Native Application Protection Platform (CNAPP) solution. Check Point CloudGuard WAF is an integral part of the CNAPP platform, offering robust cloud web application an API security and effectively preventing attacks from infiltrating the cloud environment. Unlike traditional Web Application Firewalls (WAFs), CloudGuard WAF leverages advanced machine learning instead of relying on traditional signatures to block known and unknown attacks, ensuring real-time threat detection and protection against zero-day attacks such as Log4j and MOVEit.

For two consecutive years, Check Point has been selected as a leader. This year, GigaOm analyst Don MacVittie notes that, “the biggest strength for Check Point CloudGuard WAF/open-appsec solution is API protection earning the highest score due to its innovative API import and API discovery.” MacVittie also highlights that, “Check Point is one of several vendors that flipped from Feature Play to Platform Play,” emphasizing our collaborative Infinity Platform.

The new API discovery feature provides organizations with comprehensive insight into their API inventory across cloud environments. It enables security teams to effortlessly identify publicly exposed or vulnerable APIs. Leveraging its AI-optimized Schema, CNAPP empowers organizations to access and enforce API security effectively, thereby reducing the risk of unauthorized access and data breaches. The significance of these capabilities is clear, as Check Point’s 2024 Cloud Security Report revealed a significant increase in cloud security incidents, from 24% in 2023 to 61% in 2024 (a 154% increase), highlighting the increasing complexity and frequency of cloud threats.

“API Discovery completes our CloudGuard CNAPP and WAF solution, offering an impressive level of protection for cloud-native applications,” said Oded Gonda, VP Technology & Innovation at Check Point Software Technologies. “By focusing on the needs of modern enterprises, Check Point provides both API Discovery and protection for known attacks as well as pre-emptive protection countering future attacks.”

Read a complimentary copy of the GigaOm Radar for Application and API Security (AAS) here.

Follow Check Point via:
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
Twitter: https://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
Blog: https://blog.checkpoint.com
YouTube: https://www.youtube.com/user/CPGlobal

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Check Point Software Advances API Security for Digital Transformation first appeared on AI-Tech Park.

Leveraging 25 years of industry expertise, Costa has played a pivotal role in crafting a vibrant and highly effective channel program at Salt Security. A crucial aspect of Costa’s work has been focused on raising awareness in emerging markets around the critical importance of ensuring robust security for APIs. This emphasis is particularly timely, given the exponential demand for API security solutions. By championing this cause, she has not only strengthened long-term relationships with partners but also positioned them as thought leaders in their regions.

“It is an honor to be named as a Woman of the Channel once again, representing Salt Security.” said Daniela Costa, Sales Director, Latin America at Salt Security. “My 25-year career in technology has been composed through close collaboration with partners and I am very grateful to everyone who has supported me throughout my journey. Future success with partners hinges on building trust and establishing a continuous exchange of experiences. By fostering an ongoing exchange of experiences, we can create an ideal scenario where everyone benefits and thrives.”

In this last year, Costa also spearheaded the Sales Certification – Associate Level, an entry-level sales training program. This comprehensive initiative covered how to effectively position and license Salt’s platform, and highlighted unique technical differentiators. To better serve local partners in Latin America, the program was delivered in both Portuguese and Spanish. This strategic approach led to remarkable success, with over 170 sales certifications issued to LATAM partners within the year.

“It is a great privilege to honor the remarkable achievements of these women leaders in the IT channel,” said Jennifer Follett, VP, U.S. Content and Executive Editor, CRN at The Channel Company. “Each woman on the list has demonstrated a deep commitment to innovation and leadership that advances their organizations and drives transformation and success across the IT channel.”

Annually, CRN recognizes women from vendor, distributor, and solution provider organizations whose vision and leadership positively impact the technology industry. Through this acknowledgment, CRN celebrates these women for their steadfast commitment to advancing channel excellence.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Salt Security’s Daniela Costa named in CRN Women of the Channel 2024 first appeared on AI-Tech Park.

Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, announces that it has entered into a definitive agreement to acquire application programming interface (API) security company, Noname Security. Noname, one of the top API security vendors in the market, will enhance Akamai’s existing API Security solution and accelerate its ability to meet growing customer demand and market requirements as the use of APIs continues to expand. Akamai also expects to gain greater scale with Noname’s additional sales and marketing resources, and established channel and alliance relationships.

“Applications run our world, but as applications and users proliferate, so do security risks,” said Mani Sundaram, executive vice president and general manager, Security Technology Group, Akamai Technologies. “Akamai has seen a growing need for API protection with our own data showing 109% year over year growth in API attacks. With the addition of Noname, Akamai believes it will have the breadth of integrations and deployment choices needed to deliver comprehensive API protection for customers across all environments.”

As a result of the acquisition, Akamai expects to offer a complete API security suite enabling customers to better discover “shadow” APIs and detect vulnerabilities and attacks. Akamai’s enhanced offering expects to have greater deployment choices for customers and access to a portfolio of technology integrations that is unrivaled in the market. Akamai also plans to integrate Noname for use by customers of Akamai’s Application and API platform shortly after the acquisition is closed.

“API development continues to proliferate as customers prioritize their investments in application modernization and digital transformation initiatives,” said Oz Golan, chief executive officer and co-founder, Noname. “Combining Noname with Akamai’s API Security offering will provide a solution for any type of customer. No matter where the customer’s applications reside – be it in the cloud, natively on the edge, on-premise, or on other vendor platforms – they will be protected.”

Under terms of the agreement, Akamai has agreed to acquire all of the outstanding equity of Noname for approximately $450 million, after customary purchase price adjustments. The closing of the transaction, which is subject to customary closing conditions, is expected to occur in the second quarter of 2024.

For the fiscal year 2024, the acquisition is anticipated to deliver approximately $20 million of revenue, be dilutive to non-GAAP operating margin by approximately 0.50%, and be dilutive to non-GAAP net income per diluted share by approximately $0.10. On its upcoming quarterly earnings call scheduled for May 9, 2024, Akamai plans to provide first quarter financial results and second quarter and full year 2024 financial guidance, including any expected impact from Noname.

Noname, headquartered in San Jose, California, is a privately funded company. Noname’s over 200 employees, including CEO and Co-founder, Oz Golan, are expected to join Akamai’s Security Technology Group.

For more information, visit the Akamai application and API security page.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Akamai Announces Intent to Acquire API Security Company Noname first appeared on AI-Tech Park.

Salt Security, the leading API security company, today announced the debut of its AI-infused API Security Protection Platform powered by Pepper, the company’s Large Language Model (LLM) artificial intelligence. The launch of the platform marks the next generation of API security, leveraging AI throughout every aspect of the API lifecycle, to streamline and bolster API discovery, posture assurance, and threat detection, to mitigate risks faster.

Generative AI has enabled developers to create applications and APIs faster than ever before and at a vast scale. With the speed of API creation dramatically increasing, new risks are created that current technology is not equipped to keep pace with.

According to Gartner^®, “The soaring prevalence of APIs, along with the lack of organizational awareness as to their extent, has created an expansive attack surface just waiting to be exploited by malicious actors*.”

“Our business depends on securely and quickly delivering finance-related APIs for our partners and customers as we provide banking as a service,” said Nuno Teodoro, Vice President, Group Cybersecurity. “With the GenAI landscape evolving at a fast pace, especially targeting, directly or indirectly, software development of critical products, we must lean on core capabilities from our technological partners, especially where API security is considered. Salt’s AI-infused API security platform is a perfect example of supporting the delivery of secure APIs that adhere to our policies and best practices, thus giving us the confidence that cyber resilience is incorporated into the APIs security life-cycle.”

Leveraging generative AI, Salt’s platform protects organizations from the risks associated with the speed and scale of new application development. As APIs are the nucleus of current and future applications, with the launch of Salt’s new platform, the company is uniquely positioned to deliver the next phase of application security.

With the latest expansion to its offering, the Salt platform now delivers:

• Enhanced API Continuous Discovery: At the outset, Salt Security’s AI engine excels in the discovery phase by acting as an exhaustive investigator across the application landscape. It leverages machine learning to automatically detect all APIs, including those that are undocumented or embedded within microservices, ensuring comprehensive visibility over the network, leaving no API hidden and vulnerable. This level of comprehensive discovery is unparalleled in the industry, ensuring that no API remains unnoticed or vulnerable. While APIs are continuously created at speed by GenAI, the Salt Platform continually analyzes the API ecosystem to ensure the inventory is up to date.
• API Posture Assurance: Moving to the next phase, Salt Security employs its AI-driven Posture Governance to monitor and analyze API configurations proactively. This AI system is adept at identifying deviations from security best practices and highlighting insecure configurations. By maintaining continuous surveillance, Salt Security aids organizations in upholding a robust API security posture, thus preventing potential breaches.
• Robust API Behavioral Threat Protection:   In the crucial phase of threat detection, Salt Security’s patented Behavioral Threat Protection comes into play. The AI system analyzes API traffic in real-time, drawing from extensive datasets of known attack patterns. It is capable of detecting anomalies, suspicious activities, and potential zero-day exploits. Moreover, its adaptive learning algorithm, which evolves based on new data and past incidents, provides a dynamic and robust defense mechanism that is critical in today’s fast-paced threat environment.

And to bolster the risk reduction, the Salt Labs team continues to discover API security flaws that translate to functionality added to the product.  A recent example is with the critical security flaws within ChatGPT plugins, which could have allowed unauthorized access to third-party accounts and sensitive user data.  Salt now has advanced OAuth protection built into the platform.

According to the Salt Labs State of API Security Report, Q1 2023, 59% of respondents manage more than 100 APIs, and 25% manage more than 500. 27% also stated that they’ve more than doubled their API count over the past year. This number is only set to increase as organizations leverage generative AI within business operations, which can lower the timeline of code and API creation from days to minutes or even seconds. Traditional API security solutions, such as API gateways, web application firewalls (WAFs) and content delivery network (CDN) solutions, already struggle to keep pace with the expanding API attack surface and the introduction of generative AI further impedes their ability to deliver robust API protection.

With these enhancements, customers can now deliver an API-first model for modern applications to quickly and securely scale business operations, while simultaneously ensuring that they remain compliant with company as well as industry API policies and standards. Salt is the first security vendor to utilize AI throughout an API security platform. The new offering is available to organizations as a SaaS solution or managed security service delivered by Salt.

“Since founding the API security market, AI and ML have always been core components of our platform in order to provide organizations with the deep context and behavioral insights needed to mitigate the most sophisticated API security threats,” said Michael Nicosia, COO and co-founder, Salt Security. “The recent growth of utilizing generative AI within business operations has not only expedited the volume of APIs, but also given attackers the means to launch more tactical attack campaigns. Leveraging generative AI for good, we have instilled our own LLM, Pepper, into our platform to help organizations solve the complex problems which generative AI creates in an easy to use and understand interface. With Pepper, organizations will experience enhanced API inventory management and documentation, streamlined threat and incident response, as well as robust API posture governance.”

Salt will be hosting a webinar showcasing the new platform capabilities on Thursday, May 30 at 9am PT/12pm ET. To register for the webinar, “How Salt Security Uses AI for API Discovery, Posture Governance & Threat Detection,” please visit: https://content.salt.security/salt_security_ai_webinar.html

To learn more about Salt Security or to request a demo, please visithttps://content.salt.security/demo.html.

*Gartner, API Security Maturity Model, By William Dupre, Gary Olliffe 2 April 2024
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Salt Security announced First AI-Infused API Security Platform first appeared on AI-Tech Park.

Traceable AI, the industry’s leading API security company, today announced a $30 million strategic investment from a group of investors, including Citi Ventures – the venture arm of Citigroup, lead investor IVP, Geodesic Capital, Sorenson Capital, and Unusual Ventures.

This strategic investment highlights the growing recognition of API security as a critical challenge for enterprises across industries, particularly within the heavily-regulated financial sector. Traceable’s impressive 300% year-over-year growth further demonstrates its ability to deliver comprehensive API security solutions and excel in the enterprise market.

“Traceable has set the benchmark for API security across a wide range of enterprises, including financial institutions, healthcare providers, retail giants, and global telecom providers. Traceable’s commitment to serving customers in nearly every sector reflects their deep understanding of the diverse API security challenges businesses face. Their platform delivers the visibility and protection required to secure thousands of API endpoints and over 500 billion API calls per month,” said Matt Carbonara, Managing Director at Citi Ventures. “Traceable’s commitment to innovation and focus on customer success are why we’re excited to partner with them. Citi Ventures looks forward to supporting Traceable’s growth as they address a critical challenge in the industry and scale solutions that empower businesses worldwide.”

This investment will propel Traceable’s next growth phase, empowering the company to supercharge product innovation, bolster security research initiatives, and strategically scale its sales, marketing, and channel partner programs worldwide.

“At Traceable, we’re driven by the mission to make every API a source of secure innovation and remove any potential risks,” said Jyoti Bansal, CEO and co-founder of Traceable. “The recent attention Traceable has received from enterprise customers, security practitioners, and investors alike underscores that organizations understand the strategic importance of API security. This investment accelerates our ability to help businesses innovate fearlessly with APIs, knowing they have unmatched protection. It strengthens our commitment to serve large enterprise customers and pioneer new solutions in API security.”

“The explosive growth of APIs presents both huge opportunities and critical security challenges. Traceable’s leadership in this space is undeniable, delivering an innovative and differentiated solution that organizations need to thrive in this API-driven world,” said Steve Harrick, general partner at IVP. “IVP is proud to back Traceable and Jyoti once again to fuel their continued success and rapid progress. Traceable’s mission to secure APIs is transforming the way businesses operate and helping organizations innovate with confidence.”

This investment comes at a time when organizations are urgently seeking solutions to address the escalating risks of API attacks. This urgency is underscored by Traceable’s recent 2023 Global State of API Security Report, which revealed that 60% of organizations experienced a data breach in the past two years, with 74% having at least three API-related breaches. These findings reinforce the growing recognition that a proactive approach to API security is essential for safeguarding businesses in a world increasingly dependent on APIs.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Traceable AI secures $30M Strategic Investment Round first appeared on AI-Tech Park.

ThreatX, a visionary innovator in application and API security, today announced it has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.

By combining runtime detection and dynamic scanning with protection, ThreatX’s RAAP solution empowers DevSecOps to detect and remediate vulnerabilities earlier, while protecting vulnerable APIs – all within one platform. Leveraging extended Berkeley Packet Filter (eBPF) technology, RAAP enables real-time, persistent observability into API/App architecture, traffic data exchanges, vulnerabilities, and threats (including zero-day attacks). It endlessly observes application/API security posture, east-west and north-south, so that vulnerabilities and attacks cannot take place unnoticed from development to production environments, thus fostering collaboration between DevOps and Sec teams through a unified platform. The latest Always-Active API Security capabilities enable Dev to remediate vulnerabilities early and Sec to protect what has not been remediated.

Traditional application and API security solutions fall short in providing one essential element: real-time, continuous observability across the entire DevOps cycle. On one hand – monitoring technologies, such as WAF/WAAP – inspect security posture continuously, but only at SecOps phase and without deep insight into application/API architecture. On the other hand – scanning technologies, such as SAST, DAST, and SCA – provide insight into application/API architecture but do it only at Dev phase and on an intermittent, non-continuous basis. With the latest Always-Active API Security capabilities, ThreatX RAAP offers a solution to those deficiencies by combining the best of monitoring and scanning capabilities.

“The CISOs I speak to consistently emphasize the need for a solution that combines the functionalities of WAF, RASP, and DAST or SAST, rather than having multiple standalone AppSec tools. Having the ability to consolidate all these functions into one platform will decrease operational burden, reduce complexity, and foster collaboration between DevOps and security teams,” said Gene Fay, CEO at ThreatX. “We are excited to provide these unified runtime and dynamic API testing capabilities by extending ThreatX’s RAAP offering, enabling DevSecOps to remediate vulnerabilities like never before.”

ThreatX RAAP is easily deployed as a sidecar container within a Kubernetes (K8) environment without requiring an in-line deployment. It may be installed as a standalone solution or coupled with the ThreatX API & Application Protection – Edge solution.

Learn more about ThreatX Always-Active API Security capabilities by taking a product tour or visiting us at RSA Conference (Booth 3103) May 6^th – 9^th in San Francisco, CA. Follow ThreatX on LinkedIn for more event details.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post ThreatX extends RAAP for API security from development to runtime first appeared on AI-Tech Park.