Video

Deep Dive: Why Can't We Solve API Security?

CISOs, Analysts Explore Solutions to Visibility, Governance and Incident Response
Watch this "Deep Dive" special report on API security with Information Security Media Group's Anna Delaney.

APIs are the connections that make digital business happen. Companies on average rely on more than 15,000 APIs to perform transactions and access data, but these interfaces also pose security risks. In this "Deep Dive" special report, ISMG's Anna Delaney explores how security leaders are overcoming problems such as API discovery, testing, governance and incident response.


"Everything is API-based, and there are some great advantages and great disadvantages," said Rick Doten, vice president and CISO at Centene Corp., which provides managed care services to the healthcare industry. "The disadvantages, of course, are the surface area expansion, and you're dealing with external and internal APIs. But the advantage is: It's a lot easier to get telemetry from everything because everything is API-based."

API security poses unique challenges because inventorying and securing APIs requires closer collaboration with the software development team and an understanding of both traditional security controls and the business-logic flaws that attackers can exploit even when those controls are in place.

"Threat actors have understood that they don't need to breach systems at all. They can just siphon off data - right through vulnerable APIs," said Aseem Rastogi, global head of security research at Snowbit by Coralogix, who previously led security for a tech firm that built APIs.
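The distinction drawn above, between a traditional control that is present and a business-logic flaw that lets data leak anyway, is easiest to see side by side. The following is an added illustration, not code from ISMG or any of the speakers: a constructed API handler that authenticates the caller but never checks object ownership, next to a hardened version that does. The record store, the token table and the function names are all hypothetical.

```python
"""Constructed example: missing object-level authorization in an API handler.

A caller with any valid token can walk the id space and siphon every record
through the vulnerable handler; the hardened handler returns only the
caller's own records.  All data here is made up for the illustration.
"""

# Constructed sample store: record id -> record.  Ids are sequential, which
# is what makes enumeration cheap for an attacker.
RECORDS = {
    1001: {"owner": "alice", "balance": 120.50},
    1002: {"owner": "bob", "balance": 98.00},
    1003: {"owner": "alice", "balance": 5.25},
}

# Constructed bearer tokens -> user ids (stands in for a real token validator).
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}


class ApiError(Exception):
    """Carries the HTTP status the handler would return."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def authenticate(headers):
    """Traditional control: reject requests without a known bearer token."""
    value = headers.get("Authorization", "")
    token = value[len("Bearer "):].strip() if value.startswith("Bearer ") else ""
    user = TOKENS.get(token)
    if user is None:
        raise ApiError(401, "invalid or missing token")
    return user


def get_record_vulnerable(headers, record_id):
    """Authentication present, authorization absent.

    Any authenticated caller can read any record by supplying its id; the
    handler never asks whether the record belongs to the caller.
    """
    authenticate(headers)
    record = RECORDS.get(record_id)
    if record is None:
        raise ApiError(404, "not found")
    return record


def get_record_hardened(headers, record_id):
    """Object-level authorization: the record must belong to the caller.

    Missing and foreign records both return 404 so the response does not
    confirm which ids exist.
    """
    user = authenticate(headers)
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != user:
        raise ApiError(404, "not found")
    return record


def status_of(handler, headers, record_id):
    """Return the HTTP status a handler would produce for one request."""
    try:
        handler(headers, record_id)
        return 200
    except ApiError as err:
        return err.status


def siphon(handler, headers, id_range):
    """Enumerate ids the way an attacker would; return those that succeed."""
    return [rid for rid in id_range if status_of(handler, headers, rid) == 200]


if __name__ == "__main__":
    bob = {"Authorization": "Bearer tok-bob"}
    print("vulnerable:", siphon(get_record_vulnerable, bob, range(1000, 1010)))
    print("hardened:  ", siphon(get_record_hardened, bob, range(1000, 1010)))
```

Running the block with Bob's token shows the vulnerable handler handing back all three records and the hardened one only Bob's. A scanner looking for missing authentication would pass the first handler, which is why the text treats business-logic flaws as a separate problem from traditional controls.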

The complexity of today's hybrid IT environments has reduced the visibility of API flaws, and this poses potential risks to operations too, said Dinis Cruz, CISO, OWASP project leader and founder of The Cyber Boardroom. "API security is not a security problem," Cruz said. "API security is an engineering problem."

In this "Deep Dive" report, Delaney spoke with experts and analysts about:

  • The security risks posed by weak encryption, unauthorized access, malicious code injection, poor visibility and an emerging threat - insecure code written by generative AI tools;
  • The strengths and weaknesses of the API security tools available today and the advancements needed in the area of testing;
  • Strategies for improving API visibility and governance across the enterprise.

In This Episode

  • Sandy Carielli is a principal analyst at Forrester advising security and risk professionals on application security, with an emphasis on the collaboration among security and risk, application development, operations and business teams.
  • Doten is a cyber risk management thought leader with more than 30 years of experience in the IT industry, the last 25 focused specifically on cybersecurity. He has worked as both the CISO of a multinational company and a management consultant performing risk management and risk engineering to mature customer security and privacy programs. He is a member of the CyberEdBoard.
  • Rastogi has more than 25 years of experience in all aspects of cybersecurity and compliance with deep experience in defining, building and scaling high-performance security teams and businesses. He has led IT and security programs at a variety of large organizations. He is a member of the CyberEdBoard.
  • Cruz is a CISO and the founder of The Cyber Boardroom startup. He has more than 20 years of experience in security and software development and is focused on creating generative-AI powered teams and environments where engineering and security are enablers and accelerators for the business. He is a member of the CyberEdBoard.

About the Author

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Cal Harrison

Editorial Director, ISMG

Harrison helps ISMG readers gain new perspectives on the latest cybersecurity trends, research and emerging insights. A 30-year veteran writer and editor, he has served as an award-winning print and online journalist, mass communication professor and senior digital content strategist for DXC Technology, where he led thought leadership, case studies and the Threat Intelligence Report for the Fortune 500 firm's global security, cloud and IT infrastructure practices.
