Upwind Introduces API Security Solution With Real-Time Insights at the Runtime Level
Web API Attacks Are Up By 20% In January 2024 Compared To January 2023
SAN FRANCISCO, March 13, 2024 (Newswire.com) - Today, Upwind is announcing the addition of API security to its Cloud Security Platform. These new capabilities, paired with Upwind’s advanced eBPF-based sensor, make Upwind the only Cloud Security Platform on the market able to detect API threats and respond to them in real time, directly at the runtime level.
In today's world, it has become the norm for companies to build their systems using APIs(Application Programming Interfaces). These APIs are used for services to communicate with each other, both internally and externally. According to recent studies, the number of APIs used by companies has increased by over 200% between July 2022 and July 2023. The rapid adoption of AI might increase the rate even more - with Gartner predicting more than 80% of enterprises will have used generative AI APIs or deployed generative AI-enabled applications by 2026.
As API usage rises, so does the number of security incidents. According to Checkpoint, in the first month of 2024, attempts to attack Web APIs impacted 1 in 5 organizations worldwide every week, marking a 20% increase compared to January 2023, highlighting the growing risk associated with API vulnerabilities. As organizations increasingly rely on APIs to power their digital operations, the need for a robust and adaptive API security has become paramount.
By expanding from runtime workload protection to API security within the same platform, Upwind can use the rich data and context from workload behavior and its infrastructure in order to effectively secure against API-based threats and attacks. Upwind’s new API Security solution dynamically catalogs and maps any organization’s APIs in real-time by analyzing actual traffic, using eBPF to ensure minimal performance overhead and provide unparalleled visibility. By using eBPF, Upwind avoids relying on expensive, traditional techniques such as traffic mirroring or relying only on static API definitions, which are often incomplete or out-of-date.
Upwind’s API Security capabilities give organizations visibility of their full API catalog. This enables them to detect attacks, test APIs to identify new vulnerabilities with workload context, continuously discover if an API is receiving requests from the Internet including malicious access attempts from external attackers, and assess the level of exposure of each endpoint to the Internet. By leveraging the runtime context provided by our eBPF sensor, Upwind cuts through the noise and minimizes alerts by 95%, pointing security teams at the information they need to understand and fix API risks that could actually be exploited while deprioritizing those that don’t pose a threat to the organization.
These new API security capabilities will also enable customers to analyze real-time API threats and attacks and focus on the most critical API vulnerabilities and threats outlined by OWASP (The Open Worldwide Application Security Project) and application security organizations for comprehensive protection. By continuously automating scans for ongoing vulnerability assessments, Upwind reduces manual effort and ensures real-time protection, with no need for external mirrors or complex provisioning.
Amiram Shachar, Upwind Co-Founder and CEO: “Upwind API security uses runtime insights to give full visibility into the threats that actually put our customers at risk. With Gartner predicting APIs to be the #1 vector of attack in the next few years, it's imperative security teams know which threats are most critical, so they know where to best invest their time and effort.”
About Upwind
Upwind is the runtime-powered cloud security platform that leverages runtime data to secure your cloud infrastructure, saving security teams countless hours of work by pointing them directly to the root cause of critical risks. It was founded by Amiram Shachar and his founding partners from Spot.io (which was sold to NetApp for $450 million) and is backed by top cybersecurity investors Greylock, Cyberstarts, Leaders Fund, Craft Ventures, Cerca Partners, Sheva, a VC fund founded by former NBA player Omri Casspi, and Penny Jar, a VC fund backed by NBA superstar, Steph Curry. The company secured $80 million in funding within only 11 months.
Source: Upwind