Insufficient logging and monitoring combined with missing or ineffective integration with incident response, allows attackers to perform reconnaissance, exploit or abuse APIs, compromise systems, maintain persistence, advance attacks, and move laterally across environments without being detected. The longer an attacker is present in an environment the higher the likelihood the attack will result in a breach, brand or reputation damage, or some other negative impact to the company or its service.
Without visibility over ongoing malicious activities, attackers have plenty of time to perform reconnaissance, pivot to more systems, and tamper with, extract or, destroy data.
Traditional security controls like WAFs and API gateways provide limited logging, monitoring, alerting and incident response capabilities. These security controls alert based on every anomaly without the ability to decipher between benign and malicious abnormal behavior. This results in an overwhelming number of alerts that can be seen as “noise” by SOC and incident response teams, lead to SecOps fatigue and result in the organization missing high priority security incidents that turn into breaches.
API security solutions must be able to monitor and analyze all API activity and provide proper logging and incident response capabilities, such as feeding actionable security events into the organization’s security information and event management (SIEM). By analyzing all API activity, an API security solution can differentiate between benign and malicious abnormal behavior, reducing false positives and low priority alerts. These solutions must also correlate event data to provide a consolidated view of attacker activity, consolidated alerts, and detailed attacker timelines to help accelerate incident response and forensic investigations.
Salt Security streamlines API security with automated protection for TripActions
Salt Security named by CRN as a top emerging vendor in security for our leadership role in API security