Highlights –

  • According to a survey conducted in 2022 by 451 Research, 41% of respondent firms experienced an API security issue in the previous 12 months, with 63% of those incidents including a data breach or data loss.
  • Wib was created to help enterprises decrease and secure their API attack surface by identifying rogue, zombie, and shadow APIs and analyzing business risk and effect.

As APIs proliferate across the corporate infrastructure, they are quickly becoming the most significant attack surface in applications and a top target for cyber attackers.

According to industry analysts, a spike in increasingly integrated online and mobile-based solutions that call for data exchange across various products and the reliance on mobile apps on APIs has spurred growth and made API security one of the largest concerns for CIOs today. According to a survey conducted in 2022 by 451 Research, 41% of respondent firms experienced an API security issue in the previous 12 months, with 63% of those incidents involving a data breach or data loss.

Cybersecurity startup Wib, which focuses on API security, is focused on API security and announced a USD 16 million investment headed by Koch Disruptive Technologies (KDT), the growth and venture arm of Koch Industries, Inc. Other investors include Kmehin Ventures, Venture Israel, Techstars, and current investors.

Protecting the network against API attacks

According to a newly published GigaOm research report, API security technologies were often built before API use increased to the extent observed today and “were based upon the idea that it is asking for failure to insist developers secure the code they write.” Since “most developers do not knowingly create insecure code,” if they unintentionally develop code with vulnerabilities, it is probably because they are unaware of an API’s potential vulnerabilities.

“Once API security was in use, though, IT quickly discovered a new reason to use a security product: Some vulnerabilities are far easier blocked in the network than in each and every application,” the research stated.

The very proposition that it is more convenient to block some attacks in the network — which includes data centers, cloud suppliers, and SaaS providers — before access to the API occurs, has led to a huge demand for products that can achieve this, according to a GigaOm report.

Wib claimed its API security platform intends to deliver total visibility across the entire API landscape – from code to production – bringing together software developers, cyber defenders, and CIOs around a single comprehensive view of their whole API domain.

According to the firm, the platform’s capabilities include real-time inspection, management, and control at every stage of the API lifecycle to automate inventory and API modification management. Wib was created to help enterprises decrease and secure their API attack surface by identifying rogue, zombie, and shadow APIs and analyzing business risk and effect.

Gil Don, CEO, and co-founder of Wib, noted that APIs had gained attention during the past few years. According to Don, “Organizations are using them as the basis of a new generation of complex applications, underpinning their move to competitive and agile digital business models.”

A brand-new class of cyberthreats

According to Don, APIs make up 91% of all online traffic and are compatible with the trend toward microservices architectures and the need to react dynamically to changing market conditions. However, APIs have given rise “to a whole new category of cybersecurity threats that explicitly targets them as a primary attack vector. Web API traffic and attacks are growing in volume and severity.”

He says more than half of APIs are invisible to enterprise IT and security departments. “These unknown, unmanaged, and unsecured APIs are creating massive blind spots for CIOs that expose critical business logic vulnerabilities and increase risk,” Don stated.

For instance, possible outcomes of API attacks include account takeovers, data theft, and automated content scraping. As a result, Don explained, API native solutions compete with legacy companies to identify and address them.

According to Don, these companies include Noname Security, Cequance Security, Salt Security, APIsec, and 42Crunch, all of which take quite different approaches to solving the issue.

He added that traditional and outdated online security techniques, such as WAFs and API gateways, were never intended to guard against modern logic-based vulnerabilities. “The Wib platform has been purposely built for an API-driven world, creating a new category of API native security.”

The GigaOm study pulled Wib for its API source code search and analysis “with an eye toward API weaknesses.” Wib’s technology, it added, “provides automatic API documentation to create up-to-date documentation, as well as snapshots of changes to APIs and their risks every time they see a commit to code.”

As it grows operations across the Americas, UK, and EMEA, Wib said the funding would be used to improve Wib’s comprehensive API security platform and accelerate international growth.