With the gradual increase in the number of APIs (Application Programming Interface), spreading across the corporate infrastructure, API is also emerging as the largest attack surface in applications and a big target for threat actors and cyber attackers.
According to industry experts, the increase in integrated web and mobile offerings that requires data exchange between products of multiple organizations and the reliability of mobile apps on APIs, has eventually led to growth, making API security a huge challenge for CIOs today.
A 2022 survey by 451 Research found that 41% of organizations surveyed had an API security incident in the last 12 months; 63% of respondents said the incident involved a data breach or loss.
Consequently, cybersecurity startup Wib is looking to zero in on API security. Wib further announced a $16 million investment led by Koch Disruptive Technologies (KDT), the growth and venture arm of Koch Industries, Inc, with participation from Kmehin Ventures, Venture Israel, Techstars, and existing investors.
Blocking API attacks in the network:
According to a report by GigaOm research, API security products were developed before API use expanded to the extent seen today and “were based upon the idea that it is asking for failure to insist developers secure the code they write. The report added that “most developers do not knowingly create insecure code,” if they inadvertently develop code with vulnerabilities, most likely because they are unaware of what vulnerabilities an API might suffer from.
“Once API security was in use, though,” the report said, “IT quickly discovered a new reason to use a security product: Some vulnerabilities are far easier blocked in the network than in each and every application.”
The report inferred that the idea that it is more effective in blocking some attacks in the network, including data centers, cloud vendors, and SaaS providers — before access to the API occurs, has spurred demand for products that can do this.
According to Wib, its API security platform aims at providing visibility across the entire API landscape, right from code to production. This would help unify software developers, cyber defenders, and CIOs around a single holistic view of their complete API domain.
The platform could leverage real-time inspection, management, and control at every stage of the API lifecycle to automate inventory and API change management, according to the company. Wib was created to identify rogue, zombie, and shadow APIs and analyze business risk and impact, helping organizations reduce and harden their API attack surface.
According to Gil Don, CEO, and co-founder of Wib, API has moved into the spotlight in the past years. “Organizations are using them as the basis of a new generation of complex applications, underpinning their move to competitive and agile digital business models,’’ says Don.
A Whole New Category of Cyber Threat
Don explains that APIs account for 91% of all web traffic and they fit with the trend towards microservices architectures and the need to respond dynamically to rapidly changing market conditions. But APIs have given rise “to a whole new category of cybersecurity threats that explicitly targets them as a primary attack vector. Web API traffic and attacks are growing in volume and severity.”
Over half of APIs are invisible to business IT and security teams. “These unknown, unmanaged, and unsecured APIs are creating massive blind spots for CIOs that expose critical business logic vulnerabilities and increase risk,’’ Don continues.
On the other hand, GigaOm report called out Wib for its API source code scanning and analysis “with an eye toward API weaknesses.” Wib’s platform “provides automatic API documentation to create up-to-date documentation, as well as snapshots of changes to APIs and their risks every time they see a commit to code,” the report further read.
As its operations grow across the Americas, UK, and EMEA, Wib says the investments will be used in order to improve its comprehensive API security platform and accelerate international growth.
