The most dangerous risks are often the ones you can’t see. Unfortunately, many organizations have so little visibility over their cloud environments that they’re leaving publicly discoverable vulnerabilities and APIs open to exploitation by attackers.
With research showing that the average enterprise has 15,564 APIs, there are plenty of potential entry points for attackers to choose from. However, a growing number of providers are looking to mitigate these potential vulnerabilities by enabling organizations to build an API inventory.
Just today, cloud security provider Orca Security announced the release of an agentless API security solution that will provide enterprises with a full inventory of external APIs and their security posture. It’s designed to enable security teams to identify, prioritize and remediate API-related risks and misconfigurations across their cloud environments.
For enterprises, proactive API scanning is essential for identifying risks across the multicloud attack surface as well as for mitigating potential vulnerabilities.
Calculating your organization’s API security posture
The announcement comes as more and more organizations are growing concerned over their API security posture, with Salt Security research finding that 20% of organizations actually suffered a data breach as a result of API security gaps.
It also comes just after Australian telecommunications provider Optus experienced an API security incident, which exposed over 11.2 million customer records, including names, addresses, email addresses, dates of birth, passport numbers and other sensitive information.
“As we just saw in the recent Optus breach, exposed APIs can lead to catastrophic outcomes,” said Avi Shua, CEO and cofounder of Orca Security. “At the very least must have a complete inventory of the APIs in the environment, understand their posture and detect drift.”
With Orca Security’s SideScanning technology, an organization can create an accurate inventory of APIs throughout their cloud environment and detect drift, underpinned by the Unified Data Model.
“This means that we take data from all layers of the stack (cloud configurations, Kubernetes, the workloads themselves, and all of the risks mentioned previously) and put it all in one data model that speaks one language,” Shua said. “This allows the platform to surface conclusions that span the stack.”
Shua explained that rather than showing the most severe vulnerabilities or misconfigurations in isolation, the Orca Platform automatically uncovers critical attack paths, such as exposed vulnerabilities that allow an attacker to move laterally.
The API security market
Researchers anticipate the API security market will grow from a value of $783.9 million in 2021 to a value of $984.1 million in 2022 as more organizations look to mitigate API-level threats.
Orca Security has significant funding behind it, raising $550 million and achieving a valuation of $1.8 billion last fall. It’s competing against a number of other providers, including vulnerability management and container security vendors, as well as cloud-native application protection platform (CNAPP) solution providers.
One of the organization’s key competitors is Palo Alto Networks, which offers Prisma Cloud, a CNAPP that can automatically discover web-facing services and APIs, while also offering enforcement mechanisms like alerting, preventing or banning to help remediate vulnerabilities and attacks.
Palo Alto Networks recently announced raising $1.6 billion in revenue during the fourth fiscal quarter of 2022.
Another competitor is Noname Security, which can identify APIs, vulnerabilities, and misconfigurations, and offers enterprises AI and ML-based automated detection and response capabilities. Noname Security most recently raised $135 million as part of a series C funding round in December 2021 at a valuation of $1 billion.
The key differentiator between Orca Security and these other solutions is that it’s agentless and built on its patented SideScanning technology.
“We’re the first CNAPP to offer agentless API Security capabilities,” Shua said.