1、W H I T E PA P E R11 Critical Capabilities of API Detection and Response Evolving your API security |2IntroductionAPIs play a critical role in every application your organization builds for customers,uses internally,and makes available to vendors and suppliers.Their job:exchange information(often se

2、nsitive data)between technologies.Their location:not only in your applications but also across your cloud migrations,generative AI tools,and digital supply chain.The challenge is,APIs have also taken a prominent spot in your organizations attack surface.As enterprises rush to innovate,APIs are often

3、 hastily developed,insufficiently tested,and released into production with misconfigurations and missing security controls.Whats more,these APIs have amassed into a sprawl-like dynamic to the point security teams lack visibility into a major portion of their API estates.And without proper visibility

4、,organizations:Until recently,organizations have felt comfortable relying on a commonly used roster of tools for managing APIs and gaining baseline of protection.However,with 84%of organizations having experienced an API security incident in the past 12 months,up from 78%in 2023,something needs to c

5、hange.As API attacks increase in number and sophistication,its time to explore adding new layers of protection to tools such as API gateways,web application firewalls(WAFs),and web application and API protection(WAAP)platforms.Cannot detect APIs that are unmanaged,forgotten,and lingering with unchec

6、ked exposure to sensitive data,to the internet,and to attackersIn turn,cannot assess APIs risks for example,only 27%of enterprises with full API inventories know which of their APIs return sensitive data,down from 40%in 2023End up with an attack surface full of API-centric vulnerabilities that attac