Google Cloud previews advanced new API security features

Google Cloud API security is getting a facelift, the company announced Thursday— a new Advanced API Security framework will help users identify potential threats, weed out bot traffic and identify data breaches caused by API misconfigurations or attacks.

Advanced API Security is an outgrowth of the company’s 2016 acquisition of Apigee, which became part of Google in a $ 625 million deal. According to Google, the new system allows users to dig more deeply into API traffic to detect unusual patterns, which may be signs of an exploit in progress.

API abuse is one of the major vectors for attacks against web applications, and the company cited a Gartner study as predicting that API breaches will become the top attack method used against those targets as of this year. The system regularly checks all APIs managed by a given system and automatically flags up issues to the IT department if potential problems are detected. Users can also designate standard security policies to which APIs must conform, which, again, the system will flag automatically if violated.

The system also uses preset rules to identify bot traffic within information being sent or received via API — unusual traffic patterns caused by bots will throw an alert and report the incident to the IT team. Even bots that successfully receive an HTTP 200 OK response code can be identified by the system, which Google says will help identify data breaches after the fact.

API attacks hits healthcare, financial services

Google cited financial services and medicine as two industries particularly susceptible to API-based threats. The healthcare system uses a wide range of interconnected APIs to allow providers to safely share information with insurance companies, and provide automated treatment recommendations, creating a vulnerable attack surface for bad actors looking to access patient data.

Similarly, the financial services sector handles large amounts of highly valuable transactional data, and open banking standards require extensive API support in order to function. Again, this creates a tempting target for malicious hackers.

“API security has become an important battleground over business risk,” said Google Cloud head of product Vikas Anand in an official blog post announcing the new security features. “This increasing shift to digital experiences has grown API usage and traffic volumes.”

Today’s announcement said that the new system is a preview version only, and did not provide a target date for general availability.

Copyright © 2022 IDG Communications, Inc.

Source

Google Cloud API security is getting a facelift, the company announced Thursday— a new Advanced API Security framework will help users identify potential threats, weed out bot traffic and identify data breaches caused by API misconfigurations or attacks.

Advanced API Security is an outgrowth of the company’s 2016 acquisition of Apigee, which became part of Google in a $ 625 million deal. According to Google, the new system allows users to dig more deeply into API traffic to detect unusual patterns, which may be signs of an exploit in progress.

API abuse is one of the major vectors for attacks against web applications, and the company cited a Gartner study as predicting that API breaches will become the top attack method used against those targets as of this year. The system regularly checks all APIs managed by a given system and automatically flags up issues to the IT department if potential problems are detected. Users can also designate standard security policies to which APIs must conform, which, again, the system will flag automatically if violated.

The system also uses preset rules to identify bot traffic within information being sent or received via API — unusual traffic patterns caused by bots will throw an alert and report the incident to the IT team. Even bots that successfully receive an HTTP 200 OK response code can be identified by the system, which Google says will help identify data breaches after the fact.

API attacks hits healthcare, financial services

Google cited financial services and medicine as two industries particularly susceptible to API-based threats. The healthcare system uses a wide range of interconnected APIs to allow providers to safely share information with insurance companies, and provide automated treatment recommendations, creating a vulnerable attack surface for bad actors looking to access patient data.

Similarly, the financial services sector handles large amounts of highly valuable transactional data, and open banking standards require extensive API support in order to function. Again, this creates a tempting target for malicious hackers.

“API security has become an important battleground over business risk,” said Google Cloud head of product Vikas Anand in an official blog post announcing the new security features. “This increasing shift to digital experiences has grown API usage and traffic volumes.”

Today’s announcement said that the new system is a preview version only, and did not provide a target date for general availability.

Copyright © 2022 IDG Communications, Inc.

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

A series of vulnerabilities on the popular asset management platform Device42 could be exploited to give attackers full root access to the system, according...

Top 5 best backup practices

Give yourself peace of mind by implementing a new backup strategy with our tips....

Indian Power Sector targeted with latest LockBit 3.0 variant

Estimated reading time: 5 minutesAfter the infamous Conti ransomware group was disbanded, its former members began to target the energy and power sectors...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!