Wallarm API Attack Surface Management mitigates API leaks

Wallarm announced its latest innovation: API Attack Surface Management (AASM). This agentless technology transforms how organizations identify, analyze, and secure their entire API attack surface.

Designed for effortless deployment, Wallarm AASM empowers organizations to discover all of their externally-facing APIs and web applications, identify where they are missing critical web application firewalls (WAF)/web application and API protection (WAAP) coverage, and mitigate API leaks.

API attacks are the primary target for web application exploits and are now one of the leading causes of data breaches. A typical enterprise has hundreds of APIs, yet their visibility and protection lags far behind other security initiatives. These organizations often don’t know where to get started, or they lack the visibility needed to assess whether their current WAAP/WAF solutions are capable of getting the job done.

API security is hindered by manual security processes, and keeping track of and documenting APIs is challenging as projects scale with new endpoints, parameters and functionalities being added.

“Even though APIs are a well-known source of application vulnerabilities, and we’ve seen a more than 30% increase in API vulnerabilities in 2023 alone, too many organizations are operating without adequate detection and response capabilities. They either don’t know where to get started, or they mistakenly think that their current solutions have them protected, which is usually not the case,” says Ivan Novikov, CEO of Wallarm.

“And for organizations that do have API detection and response capabilities, they are often dependent on too many manual processes that are distributed between multiple tools. This is far too time-consuming for most security teams and leads to inefficient security operations, missed detections and unacceptably slow response times,” added Novikov.

Wallarm has officially launched its AASM solution, a platform engineered to empower organizations to rapidly and seamlessly address the growing challenge of API vulnerabilities without deploying agents / sensors with minimal effort. Wallarm AASM delivers valuable capabilities to help customers discover their external API Attack Surface, test its security, assess its risk and enable customizable remediation strategies. They include:

• Automated API Attack Surface Discovery that identifies all external hosts with their web apps and APIs, including specific API protocols (REST API, GraphQL, SOAP, XML-RPC and more).
• Scanning public repositories for leaked API secrets, including API keys, PII (usernames and passwords, authorization tokens (Bearer/JWT) and other targets).
• Identification of which API hosts are secured with WAFs and testing to identify which types of threats their WAFs can detect.

New users can enable AASM within minutes and Wallarm offers a free, 7-day trial to help organizations get started have instant access to API attack surface visibility and results.