The most dangerous risks are often the ones you can’t see. Unfortunately, many organizations have so little visibility over their cloud environments that they’re leaving publicly discoverable vulnerabilities and APIs open to exploitation by attackers.
With research showing that the average enterprise has 15,564 APIs, there are many potential entry points for attackers to choose from. However, a growing number of providers are looking to mitigate these potential vulnerabilities by enabling organizations to build an API inventory.
Just today, cloud security provider Orca Security announced the release of an agentless API security solution that can provide enterprises with a full inventory of external APIs and their security posture. It’s designed to enable security teams to identify, prioritize and remediate API-related risks and misconfigurations across their cloud environments.
For enterprises, proactive API scanning is essential for identifying risks across the multicloud attack surface as well as for mitigating potential vulnerabilities.
Calculating your organization’s API security posture
The announcement comes as more and more organizations are growing concerned over their API security posture, with Salt Security research finding that 20% of organizations actually suffered a data breach as a result of API security gaps.
It also comes just after Australian telecommunications provider Optus experienced an API security incident, which exposed over 11.2 million customer records, including names, addresses, email addresses, dates of birth, passport numbers and other sensitive information.
“As we just saw in the recent Optus breach, exposed APIs can lead to catastrophic results,” said Avi Shua, CEO and cofounder of Orca Security. “At the very least should have a complete inventory of the APIs in the environment, understand their posture and detect drift.”
With Orca Security’s SideScanning technology, an organization can create an accurate inventory of APIs throughout their cloud environment and detect drift, underpinned by the Unified Data Model.
“This means that we take data from all layers of the stack - cloud configurations, Kubernetes, the workloads themselves, and all the risks mentioned previously - and put it all in one data model that speaks one language,” Shua said. “This allows the platform to surface conclusions that span the stack.”
Shua explained that rather than showing the most severe vulnerabilities or misconfigurations in isolation, the Orca Platform automatically uncovers critical attack paths, such as exposed vulnerabilities that allow an attacker to move laterally.
The API security market
Researchers expect the API security market will grow from a value of $783.9 million in 2021 to a value of $984.1 million in 2022 as more organizations look to mitigate API-level threats.
Orca Security has significant funding behind it, raising $550 million and achieving a valuation of $1.8 billion last fall. It’s competing against a number of other providers, including vulnerability management and container security vendors, as well as cloud-native application protection platform (CNAPP) solution providers.
One of the organization’s key competitors is Palo Alto Networks, which offers Prisma Cloud, a CNAPP that can automatically discover web-facing services and APIs, while also offering enforcement mechanisms like alerting, preventing or banning to help remediate vulnerabilities and attacks.
Palo Alto Networks recently announced raising $1.6 billion in revenue during the fourth fiscal quarter of 2022.
Another competitor is Noname Security, which can identify APIs, vulnerabilities and misconfigurations, and offers enterprises AI and ML-based automated detection and response capabilities. Noname Security most recently raised $135 million as part of a series C funding round in December 2021 at a valuation of $1 billion.
The key differentiator between Orca Security and these other solutions is that it’s agentless and built on its patented SideScanning technology.
“We’re the first CNAPP to offer agentless API Security capabilities,” Shua said.