APImetrics and Wib Security today announced a partnership to help enterprises gain continuous visibility, security, and assurance for business-critical services delivered via application programming interfaces (APIs).
API providers are challenged to ensure and validate their APIs are secure and behaving as designed. Even in small organizations, it’s possible for APIs to be misconfigured and for implementation to drift from design-time intentions. The result can be so-called orphan or zombie APIs, which are unmonitored, unmanaged, and hence a risk to the business. “Working with Wib is a natural step in our mission to help APIs serve the business,” said David O’Neill, co-founder and CEO at APImetrics. “The API ecosystem has matured and is now deeply embedded in the ways companies do business; the need for comprehensive assurance and security, across both design-time and runtime, has become paramount.”
Real-time API security
“You can’t protect what you can’t see,” said Chuck Herrin, CTO at Wib Security. “Companies need the freedom to innovate while managing their risks. By complementing Wib’s continuous discovery across the entire API lifecycle with APImetrics’ runtime observation of API behavior from multiple regions, our shared customers will gain the benefit of holistic, real-time API security and assurance from code, through testing, to continuous production monitoring of live API performance and uptime from the outside world.”
APImetrics delivers real-time performance data, powerful analytics, and actionable insights to help organizations enhance the reliability and efficiency of their APIs. API product managers, architects, and technical leaders at leading API-first companies trust APImetrics to provide the visibility and control needed to succeed in today’s digital landscape.
Wib provides API integrity and assurance, freeing modern organizations from the security constraints that threaten business evolution, integrity, and growth. Wib’s Fusion platform enables enterprises to define the API attack surface with continuous, automated inventory documentation and expose all APIs, known and unknown.
It also looks for OWASP API security vulnerabilities, weak encryption, and inadequate authorization methods across the entire API lifecycle.
A report by Akamai Technologies found that there was a 180% increase in attacks against APIs from December 2019 to June 2021. Another report by Imperva found that API attacks increased by 54% in the first half of 2021 compared to the same period in 2020.
The most common types of attacks against APIs in 2021 were injection attacks (such as SQL injection and XSS), followed by account takeover attacks, and then denial-of-service (DoS) attacks. The industries most commonly targeted by API attacks in 2021 were financial services, healthcare, and retail.
Moving forward, APImetrics plans to capitalize on its privileged view across the runtime environment to extend its shift-right validation capabilities to ensure that API-native authentication and authorization policies are in force and behaving as expected.
“Now that all businesses are digital, APIs are central to how businesses operate,” said O’Neill. “There is no ‘silver bullet’ for API security, and having design time, run-time and other critical needs covered will become essential to delivering assurance to users and stakeholders alike. With the emergence of open API ecosystems, the days when companies could self-certify the compliance of their designs are gone; companies now need to prove it to themselves, their customers, and regulators.”
APImetrics offers the industry’s only intelligent, analytics-driven API performance solution built specifically for the enterprise. By interfacing with current and legacy API protocols, APImetrics helps CIOs, customer success teams, developers, and vendors validate that their APIs perform as designed. Monitoring is supported by analytics and fully customizable downtime alerts to deliver the actionable intelligence needed by the enterprise to meet service level agreements and customer expectations. APImetrics offers cross-cloud monitoring services for some of the largest banks, telecommunications providers and IoT providers in the world. The company is headquartered in Seattle, WA. More information is available at APImetrics.io and API.expert.
Wib is pioneering a new era in advanced API security with its industry first holistic API security platform. Providing continuous and complete visibility and control across the entire API ecosystem, Wib enables developers to code with confidence and security teams to secure with surety. Wib’s elite team of developers, attackers, defenders, and seasoned cybersecurity professionals draw on real-world experience and expertise to help define and develop innovative technology solutions that enable customers with the identity, inventory and integrity of every API, wherever it may be within the development lifecycle, without compromising development or stifling innovation.