CrowdStrike Allies With Salt Security to Improve API Security
CrowdStrike and Salt Security have extended their alliance to make it simpler to feed application programming interface (API) security data directly into a security information event management (SIEM) platform.
Eric Schwake, director of cybersecurity strategy for Salt Security, said the overall goal is to make it easier for cybersecurity teams to discover API security issues within the context of their existing analytic workflows.
In effect, Salt Security is now providing a headless API security service for the CrowdStrike next-generation SIEM that eliminates the need for a separate console that cybersecurity teams would otherwise have to master, he added. That approach enables cybersecurity teams to enjoy the benefits of a centralized platform without giving up the unique capabilities of a best-of-breed tool, noted Schwake.
CrowdStrike has been making a case for a Falcon next-gen SIEM platform that makes use of multiple types of artificial intelligence (AI) to surface actionable insights in natural language. The integration with Salt Security is the latest in a series intended to reduce the number of consoles that security analysts need to employ.
At the same time, Salt Security is also trying to elevate awareness of APIs as a threat vector, noted Schwake. Many organizations today still rely on web application firewalls (WAFs) to secure both applications and APIs. The integration with the CrowdStrike platform will make it obvious there are a raft of API security issues that are not addressed by WAFs, said Schwake.
Once those APIs become more visible more cybersecurity teams will simply manage them much like any other endpoint, he added.
It’s unclear to what degree cybersecurity teams appreciate the nuances of API security. In addition to being used to exfiltrate data, cybercriminals have learned how to compromise processes by manipulating the business logic exposed via APIs.
There is, of course, no shortage of options for protecting APIs, but as is often the case with application security many cybersecurity teams assume the application developers that create these APIs are doing more to secure them than they actually are. Unfortunately, application developers typically have limited cybersecurity expertise, so they are easily misconfigured. A 2024 survey conducted by Salt Security finds that not only has the number of APIs being deployed increased by 167%, but just under a quarter (23%) have experienced a breach attributable to an API issue.
Additionally, many organizations are unsure of how many APIs they might have that are actually externally facing. Most of the APIs that IT teams deploy today are connecting internal software components. However, it’s not uncommon for those internal APIs to suddenly become external facing when new use cases for sharing data are discovered.
Arguably, it’s only a matter of time before API security becomes a more pressing issue. The entire digital economy revolves around APIs, which makes them a target that is too tempting for cybercriminals to ignore.
As always, an ounce of prevention is worth a pound of any cure. The only issue that remains to be seen is just how hard the API security lesson will be learn once more cybersecurity teams begin to appreciate just how vulnerable the organizations they are trying to secure really are.
