Noname Security Aligns With Intel on API Security
Noname Security announced today it is working with Intel to offload application programming interface (API) security to network integration cards (NICs) based on 4th-gen Intel Xeon Scalable processors and the Intel NetSec Accelerator Reference Design.
Filip Verloy, field CTO for Noname Security, said that approach will enable cybersecurity teams to take advantage of the Intel Ethernet E810 network interface within an embedded system-on-a-chip (SoC) to both accelerate response times and improve the performance of inference engines processing the algorithms Noname Security relies on to thwart API threats.
Initially, cybersecurity organizations will take advantage of NICs to move the processing of API security closer to the network edge. However, it’s only a matter of time before the same capabilities are used to offload processing of security tasks in the data center and the cloud, he said. Intel is making a case for offloading a range of security, storage and network tasks—which now includes API security—to NICs that are based on its various classes of processors.
As more organizations realize the extent to which API endpoints are being targeted by cybercriminals, the days when API security was considered a cybersecurity niche are coming to an end, said Verloy. API security is now a mainstream element of any cybersecurity strategy that needs to be embedded everywhere from the edge to the cloud, he added.
The challenge cybersecurity teams face is that given the hundreds to thousands of APIs in use, it’s now beyond the ability of any cybersecurity team to secure them without relying more on AI, noted Verloy.
It’s still early days as far as applying AI to API security is concerned, but cybersecurity teams can safely assume that cybercriminals are also experimenting with AI to launch cyberattacks that will only increase in volume and sophistication. They are especially interested in high-value targets involving, for example, digital business transformation initiatives that are highly dependent on APIs to integrate various processes. The goal is to exploit misconfigured APIs that, in addition to making it possible to exfiltrate data, also provide access to business logic.
It’s not possible to secure those APIs, however, if they can’t be discovered in the first place. APIs are usually created by developers that have limited cybersecurity expertise, so the opportunity for mistakes to be made is plentiful. The responsibility for identifying and ultimately remediating those issues, of course, falls to the cybersecurity team.
There’s no doubt that one day soon, APIs will be measured in the tens of thousands, with the potential for millions of them to be exploited by cybercriminals that increasingly view them as the soft underbelly of any application environment.
One way or another, it’s now only a matter of time before API security becomes a larger issue as the level of attention paid to software supply chain security has increased. The challenge is finding a way to address API security, hopefully, before there is that all but inevitable breach.
