Protecting and managing APIs is a massive challenge for every company

Budapest, 19 May 2022 - Balasys, one of Central Europe's leading IT security software vendors, has unveiled a new solution to manage and protect application programming interfaces (APIs), which are widely used by financial institutions, telecoms and other companies, and to mitigate fraudulent transactions carried out through them.

According to a global survey conducted about a month ago, the average company uses more than 15,000 APIs – more than double the number used a year ago. The proliferation of APIs is no surprise, as companies in every sector are empowered to offer their users convenient, modern, truly 21st-century solutions – whether it's sending a friend some money from your phone, ordering vegetables and other food from a department store to your apartment at a specific time, or analyzing every bit of your latest physical training session on your mobile device.

However, this rampant growth also has its dangers: the data flowing through APIs is of enormous value to cybercriminals. Perhaps the best-known example is LinkedIn, which has had the data of more than 700 million of its users stolen through its APIs. It's no coincidence that Gartner, the IT industry's best-known analyst firm, predicts that APIs will be the most popular target for cybercriminals in 2022.

We wanted to address these challenges with the Proxedo API Lifecycle Platform (PALP). It features API Security, a dedicated security gateway that controls, analyzes and audits application communication, and also provides detailed control, encryption and analysis of API traffic using Deep Packet Inspection (DPI) technology. As external attacks most often come from the internet, this is complemented by a Web Application Firewall (WAF), further reducing the risk of commonly exploited vulnerabilities. Furthermore, the Proxedo API Lifecycle Platform's API management module makes it possible to efficiently and securely design, deploy, monitor, document and manage APIs. The solution also includes a built-in fraud detection module that helps identify suspicious activities carried out with stolen or maliciously created user accounts.

The Zero Trust security model has been the most talked-about concept in the IT security industry since President Joe Biden's Executive Order 14028 of May 2021, which mandated its implementation by all federal government agencies. It is based on the premise that security strategies focused on protecting network perimeters are doomed to fail, as cybercriminals may already be in our systems. The permissions required to move and act in the IT system should be granted only to those who need them, only when they need them and only for as long as necessary, in order to reduce the attack surface and to fully detect and repair the damage caused. The Proxedo API Lifecycle Platform is built according to Zero Trust principles, as it allows network micro-segmentation, which drastically limits the further movement of potential attackers into the network.