"Google Launches Advanced API Security to Combat API Threats"

Google has released a preview version of Advanced API Security, a service designed to assist organizations in combating growing threats targeting Application Programming Interfaces (APIs). The service, which is built on the API management platform Apigee acquired by Google in 2016, aims to make it easier to identify API proxies that do not meet security standards. Advanced API Security's key features include the detection of bots and the identification of API misconfigurations. To detect API misconfigurations, the platform scans APIs regularly and provides remediation actions that organizations can take if misconfiguration issues are discovered. This can help reduce security risks to sensitive information, such as patient information found in APIs related to medical coverage information from a healthcare provider. API security teams can also use the pre-configured rules in Advanced API Security to detect malicious bots in API traffic, each representing a different type of unusual traffic from a single IP address. Advanced API Security flags an API traffic pattern as a bot if it matches any of the rules. This service is aimed at financial institutions, which rely heavily on Google Cloud—four of the top five US banks, according to the Federal Reserve, are already using Apigee. The service also accelerates the process of identifying data breaches by identifying bots that returned the HTTP 200 OK success status response code. This article continues to discuss Google's Advanced API Security service as well as how business logic flaws are the root of most API attacks. 

Security Boulevard reports "Google Launches Advanced API Security to Combat API Threats"