Latin America. This year there have been more than 9 billion attempts to attack web applications and APIs in the world, which is why Guardicore calls on the region, as APIs in Latin America are gaining maturation and great adoption in different industries.
APIs (application programming interface) in Latin America are mainly being used in the financial, ICT and e-commerce sectors. That is why the security company has indicated as recommended an effective microsegmentation approach, as one of the measures that security teams can take to protect essential applications.
To better understand the subject, it is necessary to expose that APIs are basically mechanisms that allow two software components to communicate with each other, through a set of definitions and protocols. The crucial thing about this is that due to their varied usability they stopped being treated as an isolated technological issue, to become products and facilitators of new business models.
That's where they became attractive to cybercriminals, because of access to information and the functioning of organizations.
Oswaldo Palacios, Senior Account Executive for Guardicore said: "An API built securely from the start can be the strongest cornerstone of every application; poorly developed, can multiply the risks. Therefore, it will be important to verify that API developers, both internal and third-party, comply with the most robust cybersecurity measures possible."
However, according to Akamai's report on API and web application threats, for the first half of 2022, there has been a significant increase in attacks on web applications and APIs worldwide, with more than 9 billion attack attempts, three times more than the figures for the first half of 2021. In addition, attacks against web application customers grew by more than 300 %, with the retail sector being the most affected, with 38 % of the most recent attacks.
This is a primary issue for Latin America, according to a study by the firm Sensedia, the financial sector is the one that was more mature in its API programs, using more advanced technologies, well-defined processes and bold strategies based on APIs.
For e-commerces and retailers, the main concern is to use APIs to reach new channels, expand revenue streams, integrate into marketplaces or position themselves as marketplaces, and streamline partner onboarding.
Faced with this panorama, Oswaldo Palacios emphasized that as the use of the cloud expands and the pace of application deployment and update accelerates, many security teams are focusing more on application segmentation. However, since there are several approaches to such segmentation, confusion can be generated in security teams.
He explained that traditional application segmentation approaches are primarily based on layer 4 controls, which are becoming less effective and more difficult to manage.
In comparison, micro-segmentation technologies offer security teams a more effective approach to application segmentation by providing a detailed visual representation of the environment.
"The most effective micro-segmentation technologies use an application-centric approach that extends all the way to layer 7. Visibility and control at the individual process level make application segmentation more efficient and easier to manage. Authorized activities can be regulated with very specific policies that are not affected by IP address spoofing or attempts to execute attacks through allowed ports."
Thus, the expert suggests the implementation of a microsegmentation approach mainly for its characteristics and benefits:
• Provides process-level detail analysis that aligns security policies with application logic.
• Enables consistent implementation of security policies from the data center to the cloud.
• Provides consistent security across the different underlying platforms, regardless of operating system, version or manufacturer.
• It is very easy to implement unlike traditional segmentation.
• Provides fast and accurate detection of security breaches, attempts at lateral movements, activation and spread of any type of threat, including Ransomware.
• No changes to the network.
• Facilitates the "Zero Trust" environment.
Leave your comment