Security Zeitgeist: Unprotected APIs are at high-risk and should be protected by enforcing API Security Policies


Distil Networks Launches New API Security Solution Designed to Reduce Risk and Downtime Across Critical API Attack Vectors

Bot Detection and Mitigation Leader Expands Product Portfolio Leveraging Expertise in Device Fingerprinting and Machine Learning to Revolutionize API Security

SAN FRANCISCO, CA--(Marketwired - April 07, 2016) - Distil Networks, Inc., the global leader in bot detection and mitigation, today announced Distil API Security, a service that protects vulnerable Application Programming Interface (API) endpoints from malicious traffic. The Distil API Security solution protects all types of APIs including those serving web browsers, mobile applications, and Internet of Things (IoT) connected devices. Distil API Security defends against developer errors and automated API scraping, as well as web and mobile API hijacking.

Due in large part to a rise in API-centric development, an approach in which web, IoT, and mobile applications are designed to pull data from backend services via API calls, APIs are becoming an increasingly integral part of the digital world. However, many organizations struggle to manage the security of APIs, relying on simple authentication tokens or basic IP rate limiting to guard these critical attack vectors. 

According to a recent Ovum survey of 100 IT and security professionals, 30 percent of APIs are designed without any input from the security team, and 27 percent of APIs proceed through the development stage without the security team weighing in. Even ownership of API security is seemingly up for debate; according to the same Ovum survey, 53 percent of respondents believe security teams should be responsible for API security, while 47 percent believe the developer teams should hold responsibility. Distil API Security addresses this problem by enabling IT Security or Dev teams to quickly add security to any API without any additional development burden and regardless of where they are in their API development cycle.

Distil API Security provides an easy-to-use service that tracks API usage across both identification tokens and IP addresses to detect and block malicious activity, developer errors, and abuse. Unlike competing solutions that only track usage based on IP addresses, Distil API Security also tracks API usage based on ID tokens, which is important because recent findings from the 2016 Distil Networks Bad Bot Landscape Report show that 73 percent of automated attackers spread their attacks across multiple IP addresses.

"Many API security solutions track API usage through IP addresses which creates a new set of security challenges as users may change IP addresses, or rotate API tokens in order to circumvent rate limits," said Shane Ward from GuideStar, the world's largest source of information on nonprofit organizations. "Distil provides API security based on ID Tokens in addition to IP addresses, which allows me to enforce partner agreements and the terms of service for my APIs, even if a user tries to change tokens or dynamically changes IP addresses. This is a truly unique approach to API security which raises the bar above what has previously been available to secure APIs."

Key Capabilities

Easy configuration and multiple deployment options (Cloud CDN | Appliance | AWS)

  • Instant-on for existing Distil Networks customers
  • Add to any API in minutes regardless of where APIs are in the development cycle
  • No coding required

Token-based User Tracking

  • Seamless compatibility with existing token names and locations
  • Token-specific tracking enables device level granularity often lost at the IP level

Advanced Rate Limiting

  • Multi-tiered rate limiting provides graduated enforcement options for violations based on tokens or IP addresses
  • Per-token and per-IP rate limiting to prevent token cycling and token distribution, two common weaknesses of IP-only rate limiting

Dynamic Access Control List

  • Self-deprecating ACLs and dynamic IP addresses ensure that whitelists and blacklists are never stale or affected by IP drift
  • Geofencing by country or organization/ISP

Programmatic Control

  • Full-featured public API access provides integration of the Distil API Security service with existing security solutions for on-the-fly rule changes, event investigation, and ACL updates

"In a recent Ovum survey, only 21 percent of respondents had an API management platform that protected against malicious usage, developer error, automated API scraping and web and mobile API hijacking. Our solution combines these capabilities into a single service which mitigates much of the risk organizations face from API-centric attack vectors," said Rami Essaid, co-founder and CEO of Distil Networks. "We're thrilled to bring our expertise in analyzing automated attackers to the world of APIs, where automation is commonplace but protection against advanced cyber threats is scarce."

To find out more about the Distil API Security solution, visit: http://www.distilnetworks.com/api-security/

To learn more about the findings from the Ovum study, click here: http://resources.distilnetworks.com/h/i/233881696-ovum-survey-on-api-security/185088

About Distil Networks
Distil Networks, the global leader in bot detection and mitigation, is the first easy and accurate way to identify and police malicious website traffic, blocking 99.9% of bad bots without impacting legitimate users. Distil protects against web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, and downtime. Slash the high tax that bots place on your internal teams and web infrastructure and make your online applications more secure with API security, real-time threat intelligence, a 24/7 security operations center, and complete visibility and control over human, good bot, and bad bot traffic. For more information on Distil Networks, visit us at www.distilnetworks.com or follow @DISTIL on Twitter.

Media Contact:
Jim Dvorak
Kulesa Faul for Distil Networks
415-735-1622

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.