Akamai Technologies has entered into a definitive agreement to buy Neosec as it seeks to extend Akamai visibility into the rapidly growing API threat landscape
Israel-based Neosec is a startup that provides an API detection and response platform based on data and behavioural analytics.
The acquisition is expected to close in the second quarter of 2023.
"With rapidly accelerating digital transformation, APIs are the new frontier for digital business and the enablement of critical business functions," said Mani Sundaram, executive vice president and general manager, Security Technology Group, Akamai Technologies.
"Enterprises expose full business logic and process data via APIs, which, in a cloud-based economy, are vulnerable to cyberattacks. Neosec's platform and Akamai's application security portfolio will allow customers to gain visibility into all APIs, analyse their behaviour and protect against API attacks."
Mani Sundaram, Akamai
The combination is designed to make it easy for enterprises to secure their API's by helping them discover all of their APIs, assess their risk, and respond to vulnerabilities and attacks.
Disconnect between perception and reality of API security
A recent study by the Enterprise Management Associates and Neosec revealed that nearly 99% of organisations expose their applications to the internet via APIs and 98.3% see an increase in API usage.
APIs are full of sensitive data, with 80.8% of respondents saying this data was personally identifiable information.
The study indicates that there is a “remarkable disconnect between perception and reality” in today’s API security practices versus the reality of security challenges. In particular, most organisations lack the ability to discover and document all APIs they currently have in use, leaving them with no way to protect them.
In addition, organisations are focused on external, consumer, internet-facing APIs and leave internal, authenticated B2B APIs unaddressed. The gap has created a false sense of security in what an organisation believes about their API security posture.
“The use of APIs is growing exponentially, but it seems that many think existing tools, that were never built to protect APIs, are going to be sufficient. The number of breaches involving APIs shows this assumption is wrong,” said Giora Engel, CEO and co-founder of Neosec.
Worryingly, every organisation has documentation gaps, with 40.6% of respondents having less than half their known APIs documented. More concerning, over a quarter (25.3%) have no visibility into which applications are processing sensitive data, and 22.3% don’t know if their applications make sensitive data available to third parties. Visibility into API traffic is clearly a blind spot.
“Compiling a comprehensive inventory of your APIs and having visibility into the traffic within each API is becoming essential to protecting data and business processes from abuse and theft,” said Engel.
Giora Engel, Neosed
A foothold into the emerging API security market
The combined API solutions are expected to put Akamai at the forefront of a critical emerging category of API security for which customers are actively seeking support.
The rapidly growing global market for API security solutions is driven by the proliferation of APIs and the associated increase in cybersecurity threats.
API-based architectures and microservices are the core of every application developed today, from B2B to web and mobile applications, and therefore are a primary target for attackers. Additionally, regulatory compliance laws such as FFIEC, SOC, GDPR, HIPAA and PCI DSS require enterprises to strengthen their security measures on APIs.
"What sets Neosec apart from other API security providers is the complete visibility into all API activity and the use of behavioural analytics that detect threats others miss," said Engel. “We deliver rich, XDR-like API visibility combined with detection and response capabilities that enable full investigation and threat hunting.”
“Ultimately, Akamai customers will have a better view into all of their API activity, to identify vulnerabilities and threats before they are exposed, and detect attacks in runtime."
Giora Engel, Neosed