Subscribe to the Salt blog

Privacy Policy

Get the latest Gartner® insights on API Protection

Learn more

API10:2019 Insufficient Logging & Monitoring

Michael IsbitskiMichael Isbitski
Feb 18, 2021

Description

Insufficient logging and monitoring combined with missing or ineffective integration with incident response, allows attackers to perform reconnaissance, exploit or abuse APIs,  compromise systems, maintain persistence, advance attacks, and move laterally across environments without being detected.  The longer an attacker is present in an environment the higher the likelihood the attack will result in a breach, brand or reputation damage, or some other negative impact to the company or its service.

Potential Impact

Without visibility over ongoing malicious activities, attackers have plenty of time to perform reconnaissance, pivot to more systems, and tamper with, extract or, destroy data.


Learn how app architecture and attack surfaces are changing, how app security needs to evolve, and how to empower security.

Why Existing Tools Fail to Protect You

Traditional security controls like WAFs and API gateways provide limited logging, monitoring, alerting and incident response capabilities.  These security controls alert based on every anomaly without the ability to decipher between benign and malicious abnormal behavior.  This results in an overwhelming number of alerts that can be seen as “noise” by SOC and incident response teams, lead to SecOps fatigue and result in the organization missing high priority security incidents that turn into breaches.

How to Protect Against Insufficient Logging & Monitoring

API security solutions must be able to monitor and analyze all API activity and provide proper logging and incident response  capabilities, such as feeding actionable security events into the organization’s security information and event management (SIEM).  By analyzing all API activity, an API security solution can differentiate between benign and malicious abnormal behavior, reducing false positives and low priority alerts.  These solutions must also correlate event data to provide a consolidated view of attacker activity, consolidated alerts, and detailed attacker timelines to help accelerate incident response and forensic investigations.

Previous Posts:

OWASP API Security Top 10 Explained

API1:2019 Broken Object Level Authorization

API2:2019 Broken User Authentication

API3:2019 Excessive Data Exposure

API4:2019 Lack of Resources & Rate Limiting

API5:2019 Broken Function Level Authorization

API6:2019 Mass Assignment

API7:2019 Security Misconfiguration

API8:2019 Injection

API9:2019 Improper Assets Management

Tags

OWASP API Top 10
API Attack Methodology
API Security 101
Go back to blog
With Availability on Google Cloud Marketplace, Salt Now Hits the Cloud Trifecta

With Availability on Google Cloud Marketplace, Salt Now Hits the Cloud Trifecta

By having Salt Security available on all three cloud marketplaces, we deliver on our promise to provide customers with the industry’s most comprehensive API security solution.

Gilad Barzilay
January 25, 2023
T-Mobile API Breach – What Went Wrong?

T-Mobile API Breach – What Went Wrong?

In general, most API data breaches are usually the result of one or a combination of four different attack scenarios.

Nick Rago
January 24, 2023
4 Things to Know about Your Car and API Security

4 Things to Know about Your Car and API Security

Technology has advanced incredibly fast in the automotive field, and manufacturers are developing new applications quickly to capitalize on the endless possibilities. But what about security?

Adam Fisher
January 18, 2023

Download this guide for advice on evaluating key capabilities in API Security

Get the guide
Close
Back