API security: Shield your APIs from attackers

Why are APIs being targeted? Software AG’s partnership with Salt Security is an example of how we are working to address the growing issue of API Security.

Brenton House Brenton House

APIs are everywhere and many of them handle sensitive and valuable data that can be very attractive to a potential attacker.

This has made them one most frequent cyberattack targets in 2022. So why are APIs being targeted? Part of the reason is that they are powering most things: No matter what industry or government sector you examine, you will find APIs powering the economy. Every mobile app and cloud-native application uses APIs to manage data and add valuable features to each product.

The type of data that is transmitted is one reason, but another is that APIs provide data in a very structured format which makes it easy to use in all types of applications. This ease of use can also make it easier to find vulnerabilities when examined by malicious parties.

Investing in API security

According to a recent Gartner CIO and Technical Executive survey, cyber and information security are at the top of the list for planned investments in 2022. This is not surprising as business leaders are feeling the pressure to put budget and resources behind cybersecurity to protect their APIs, data, customers, and the reputation of their companies.
There are multiple opportunities to protect your APIs throughout the full API lifecycle. The terms “Shift Left” and “Shield Right” are used to describe where and when you should enable protection.

“Shift Left” is referring to shifting your security focus to the beginning of the API lifecycle process and to integrate it into the design and development of an API which works to help protect it in every other step of the API lifecycle all the way to the retirement of an API. If a potential vulnerability can be discovered and fixed before your API is published, you will have eliminated potential runtime threats to your APIs.

“Shield Right” is talking about the emphasis on continuing to protect your APIs at runtime and beyond. An API gateway like Software AG webMethods, provides runtime protection for your APIs and works well with other security products. These can work together to provide a defense against unknown attacks using a combination of AI/ML and defined algorithms and policies.

A seamless integration between Software AG webMethods API Gateway and other API security products can provide a holistic API security solution that aligns with the cybersecurity strategy for your organization. Software AG’s partnership with Salt Security is an example of how Software AG is working to address this rapidly growing issue of API Security.

As you know, an API gateway is a core and essential component of your API security strategy but it is also critical that your API gateway is able to easily integrate with other API security products, such as those provided by Salt Security.

In a recent interview, Michelle McLean, Vice President for Marketing at Salt Security, was able to share how Salt Security is addressing the issue of API Security and how easily Salt Security integrates with webMethods API Gateway to shield and protect your APIs and data.

Watch the full video below to learn more about API Security and the partnership between Software AG and Salt Security.