APIs – application programming interfaces – are ubiquitous.
Consider the following:
- A web application displaying a map and location data relies on the Google Maps API.
- An ecommerce application offering multiple payment options such as the “Pay with PayPal” feature is using an API.
- Retailers use APIs to work with couriers and delivery companies to ensure package are picked up and delivered correctly.
- Companies may send software via API. That’s what Tesla does.
Enterprises rely on APIs to connect their applications to multiple data sources and services to build new features and products. By tapping into the functionality of existing applications, developers don’t need to build the features from scratch. Not many organizations have the resources or data to maintain detailed maps, but they don’t need to because Google Maps offers the information via an API.
“APIs connect the critical data and services that drive today’s digital innovation,” Roey Eliyahu, CEO and co-founder at Salt Security, said in a statement. However, increased usage has its downsides, because attackers are increasingly targeting APIs.
Since APIs allow access to sensitive data and systems, if they are somehow compromised or abused, that can result in a data breach. Gartner estimates that API attacks will become the most-frequent attack vector, causing data breaches for web applications. Recent API attacks come to mind: Peloton and Capital One.
CrowdStrike’s announcement that it is investing in Sal Security through its strategic investment arm Falcon Fund highlights the importance of API security. In addition to the investment, CrowdStrike says it plans to work with Salt Security on security testing to harden APIs and API discovery and runtime protection for applications.
From a financial perspective, CrowdStrike’s investment makes sense. The API security market is expected to grow 26.3% between 2022 and 2032, according to research from Future Market Insights earlier this month.
“With the proliferation and use of SaaS applications, API’s are becoming a key target for adversaries,” CrowdStrike CTO Michael Sentonas said in a statement.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.