Google Cloud's API security is undergoing a transformation, the company announced Thursday: a new Advanced API Security framework will help users identify potential threats, block bot traffic and detect data breaches caused by API misconfiguration or attack.
Advanced API Security builds on the company's 2016 acquisition of Apigee, which became part of Google in a $625 million deal. According to Google, the new system allows users to dig deeper into API traffic to detect unusual patterns, which could be a sign of an exploit in progress.
API abuse is one of the main vectors for attacks against web applications, and the company predicts, citing a study by Gartner, that API abuse will become the top attack method used against those targets as of this year. The framework regularly checks all APIs operated by a given system and automatically flags potential issues to the IT department when they are identified. Users can set standard security policies that APIs must comply with, and the system will automatically raise a flag if a policy is violated.
The system also uses predefined rules to detect bot traffic in information sent or received through the API; abnormal traffic patterns caused by bots will trigger a warning and a report of the incident to the IT team. Even bots that successfully receive an HTTP 200 OK response code can be identified by the system, which Google says will help detect data breaches.
API attacks hit healthcare, financial services
Google has identified both the financial services and pharmaceutical industries as particularly sensitive to API-based threats. The healthcare system uses a broad set of interconnected APIs that allow providers to securely share information with insurance companies and provide automated treatment recommendations, creating a vulnerable attack surface through which bad actors can access patient data.
Similarly, the financial services sector handles large amounts of highly valuable transactional data and requires extensive API support for open banking standards to work. Again, this makes it a tempting target for malicious hackers.
“API security has become an important battleground for business risk,” Google Cloud product chief developer Anand said in an official blog post announcing the new security features. “This growing shift in the digital experience has resulted in increased API usage and traffic volume.”
Today’s announcement states that the new system is only a preview version, and does not provide a target date for general availability.
Copyright © 2022 IDG Communications, Inc.