Guest: Rupesh Chokshi (LinkedIn)
Company: Akamai (Twitter)
Show: Newsroom

APIs are the backbone of applications and there is a continuous expansion in this space. When looking at how API security helps business processes be more effective, efficient, and secure Akamai has focused primarily on the detection side of things. A lot of effort goes into working out where the abuse is taking place and the mitigation strategy and remediations. There is a significant amount of focus on AI and behavior analytics to help identify those threats.

Akamai is seeing lots of different types of attacks that disrupt the way customers utilize APIs, do business, and serve their end clients. It is getting increasingly difficult due to the massive expansion of APIs as many B2B applications are constantly communicating. It can be challenging to work out what is being abused and what is a valid transaction from a behavioral perspective or an anomaly detection perspective at such a fast pace. Therefore you need a multi-layered approach of detections, mitigations, and remediations to tackle these challenges.

Akamai can discover the APIs and look at the traffic patterns in big datasets, utilizing AI or behavioral analytics. Customers can also store some of the granular historical data so that they can revisit it at a later point to study the patterns and try to identify more threats. Akamai takes all the traffic from the Akamai CDN into the detection cloud for their API security platform. They can then report back to customers and guide them on how to fix the issues that were detected quickly.

Akamai has just announced a technical alliance with Apiiro that stems from the concept of code-to-runtime where the API security can identify risks and remediate them from code to runtime. As an application security posture management provider, Apiiro can identify these situations back to the actual owner of the API, the developer, and the code base to connect the dots. This can help customers remediate quickly and efficiently.

“I think this is the first of a kind in terms of truely demonstrating a code-to-runtime capability where the customer has the ability to have a production runtime view, take what they found over there, bring it back into the developer ecosystem, really execute on the DevSecOps, and being able to drive that kind of risk-based profiling,” said Rupesh Chokshi, SVP and GM, Application Security at Akamai, while commenting on the alliance. “The biggest advantage here is the mean time to remediation (MTTR) of critical API risks.”

Within organizations, there will be people who are responsible for detecting and securing applications and others who are responsible for fixing it and it is crucial to help bring those people together. Akamai and Apiiro’s alliance gives customers a production, runtime view and enables them to take what they have found and bring it back into the developer ecosystem. This helps reduce the MTTR so that organizations can be more agile.

Security needs to be seen as an enabler to business processes rather than something that hinders them. The tools and capabilities in application security posture management aim to help organizations build in the guardrails and guideposts from the start so that organizations can be more efficient.

This summary was written by Emily Nicholls.