Seattle, WA — July 5, 2023 — APImetrics and Contxt today announced a partnership to help enterprises gain continuous visibility, security, and assurance for business-critical services delivered via application programming interfaces (APIs).
“Working with Contxt is a natural step in our mission to help APIs serve the business,” said David O’Neill, co-founder and CEO at APImetrics. “APIs are increasingly being used for high-value business transactions within regulated industries such as FinTech, healthcare, and insurance. It’s critical for the enterprises to be able to continuously evaluate API behavior, especially during change.”
“Enterprises need APIs that are performant as well as compliant,” said Mayur Upadhyaya, co-founder and CEO at Contxt. “Partnering with APImetrics brings critical API observations together to make it easy to see where teams should invest energy in hardening their API products. This gives every team the ability to move faster.”
The partnership allows both products to be used seamlessly, with Contxt telemetry and analysis appearing as native alerts inside the APImetrics’ platform, which allows customers to:
- Review existing APIs for any leaks or PII exposure: By leveraging APImetrics’ validation infrastructure, Contxt can quickly add visibility into over-exposed sensitive data.
- Trace performance issues as APIs are updated: Contxt can add critical telemetry on API changes from ongoing development from the application team. As new changes are confirmed by developers, APImetrics can showcase any performance issues that were a result of the code updates. This reduces the time to investigate development issues, as sensitive data changes and performance impacts can be reviewed and compared simultaneously.
- Enforce policy and conformance: Contxt builds policies around permissible data transfer based on business logic, standards, and laws. APImetrics can monitor those policies and allow for deeper visibility into operational conformance.
API providers are challenged to ensure and validate that APIs are secure and behaving as designed. Even in small organizations, it is possible for APIs to be misconfigured and for implementation to drift from design-time intentions.
“Poor authorization of API endpoints can lead to a range of security issues, such as rogues, zombies, and legacy attacks,” said Upadhyaya. “Vulnerable APIs can be exposed to the public internet, which leads to leaked identities and other misconfigurations such as the OWASP API Top 10.”
Permissive APIs are a significant risk to businesses when developers share more data than necessary or reuse APIs for multiple purposes.
A report by Akamai Technologies found that there was a 180% increase in attacks against APIs from December 2019 to June 2021. According to Contxt, 86% of API attacks use known vulnerabilities, and more than 140 million records have leaked due to weak API authentication.
“APIs have undergone significant transformation, emerging as a pivotal component in the functioning of businesses,” said O’Neill. “The era of relying on a universal security approach is behind us, as ensuring comprehensive protection for design, runtime, and other crucial requirements becomes indispensable in providing confidence to users and stakeholders.
“Companies can no longer simply certify their own compliance. They must now substantiate it to themselves, their customers, and regulatory bodies.”
- Salt Security’s “2021 State of the API Report”: https://www.saltsecurity.com/resources/state-of-the-api-report-2021
- Akamai Technologies’ “State of the Internet / Security: Web Attacks and Gaming Abuse – 2021 Midyear Report”: https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/state-of-the-internet-security-web-attacks-and-gaming-abuse-2021-midyear-report.pdf
- Imperva’s “2021 Cyber Threat Index: Web Application Attacks”: https://www.imperva.com/resources/reports/2021-cyber-threat-index-web-application-attacks/
David O’Neill | +1 206 972 1140 | email@example.com
APImetrics offers the industry’s only intelligent, analytics-driven API governance solution built specifically for the enterprise. By interfacing with current and legacy API protocols, APImetrics helps CIOs, customer success teams, developers, and vendors validate that their APIs perform as designed. Monitoring is supported by analytics and fully customizable downtime alerts to deliver the actionable intelligence needed by the enterprise to meet service level agreements and customer expectations. APImetrics offers cross-cloud governance services for some of the largest banks, telecommunications providers and IoT providers in the world. The company is headquartered in Seattle, WA. More information is available at APImetrics.io.
Jamie Beckland | +1 971 533 7767 | firstname.lastname@example.org
Contxt protects and secures sensitive data in motion. Contxt supports API architects, engineering teams, security, and compliance to have a common understanding of data available on their APIs, and allows them to control data transfer. Integrating at any level of the network traffic, including CDN, API Gateway, containers, or directly into the application via SDK, Contxt shares alerts to resolve misconfigurations in any environment across the development lifecycle. Contxt is headquartered in London, UK, with offices in Edinburgh, Scotland and Portland, OR. More information is at www.bycontxt.com.