Akamai launches new API security tool
APIs have become an important mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, using back end data and logic to create new and innovative offerings.
But in order to use them safely they need to be secured and that means understanding what APIs there are in your environment, what their function is and what their traffic profile looks like.
In order to tackle this, Akamai is launching an update to its Intelligent Edge Platform which includes a new API security tool. The API Discovery and Profiling capability automatically and continuously discovers APIs based on a scoring mechanism that takes into account response content-type, path characteristics and traffic patterns.
The discovery information covers information including the hostname, basepath, resource path, parameters and their data type and the format of the API itself. The traffic profile looks at total requests since the API was first discovered, in the last 24 hours and trend over time; the date the API was initially discovered and last seen, the number of response errors, number of hits from known bad actors and more.
The tool's UI provides an easy one-click workflow to register the newly discovered API or resource for an already registered API. The API can then be protected against Injection attacks, credential abuse, brute force, denial or service and the specification of the API can be enforced at the Akamai edge.
Amol Mathur, senior director at Akamai writing on the company's blog says:
Protecting APIs can be a significant hurdle if you lack visibility. How can you protect what you can't see? Visibility is the first step in protecting your application, infrastructure, and end-user data. With Akamai, you can automatically and continuously discover and profile APIs, including their endpoints, definitions, and resource and traffic characteristics. Akamai's cloud- and origin-agnostic approach allows for easy discovery across your entire application estate without any additional configuration required by the end user. This visibility enables developers, application owners, and security teams to stay ahead of new, unknown, or changing APIs and easily register them for protection. Once APIs are identified, Akamai provides broad protection to deal with DoS, malicious injection, credential abuse attacks, and API specification violations.
The tool will be showcased at Edge Live |Adapt on November 10 and 11.