Google Cloud Announces Advanced API Security

Google-Cloud-Announces-Advanced-API-Security-through-Apigee

Advanced API Security capability in Apigee specialises in detecting bots and identifying API misconfigurations

Google recently announced the public preview of Advanced API Security, a comprehensive set of API security capabilities built on Apigee, their API management platform. With the new capability, customers can detect security threats more efficiently.

The company acquired Apigee in 2016, integrating the startup’s cloud-based API creation and management platform into a service available for Google Cloud Platform customers. Subsequently, more capabilities and features were added to the service, such as monitoring capabilities and more security enhancements with the integration of Cloud Armor and Cloud Identity and Access management. The latest addition is Advanced API Security.

“Advanced API Security can make it easier for API teams to identify API proxies that do not conform to security standards. To help identify APIs that are misconfigured or experiencing abuse, Advanced API Security regularly assesses managed APIs and provides API teams with a recommended action when configuration issues are detected,” said Vikas Anand, Director of Products, Google Cloud.

Advanced API Security capability in Apigee specialises in detecting bots and identifying API misconfigurations. When it detects configuration issues, the service assesses managed APIs and recommends actions, and it uses pre-configured rules to identify malicious bots within API traffic. Each rule represents a specific type of unusual traffic from a single IP address; if an API traffic pattern matches any of the regulations, Advanced API Security flags it as a bot. Google brings the Advanced API Security to respond to increasing API-driven attacks.

According to a recent Cloudentity study, 44 per cent of companies have experienced significant API authorisation issues involving privacy, data leakage, and object property exposure with internal and external-facing APIs. Companies like LinkedIn, Peleton, Marriott, and Parler have fallen victim to API-driven attacks within the last few months. Gartner forecasts that APIs will be the most common point of attack this year.

Furthermore, Google is facing more competition in the API security segment with newly API-focused cybersecurity products such as Salt Security, Noname Security, and Neosec. At the same time, established vendors like Barracuda, Akamai, and Cloudflare have expanded their offerings. Lastly, Advanced Security API is free of charge during the public preview.