APIs are crucial for modern digital businesses because they allow different software systems to communicate and exchange data seamlessly and they are foundational to how modern applications are built. However, they are also vulnerable to cyberattacks because they are widely used. To address this growing threat, organizations are increasingly turning to API protection solutions to protect their valuable data and ensure uninterrupted business operations.

The Gartner 2024 Market Guide for API Protection provides valuable insights into API security, including key trends, challenges, and recommendations for security leaders. Gartner notes that API security is a key concern for organizations, saying, “with 37% of respondents considering security among their top challenges, according to the 2024 Gartner API Strategy Survey.” *

Maybe even more alarming, “Current data indicates that the average API breach leads to at least 10 times more leaked data than the average security breach.”*

In this blog post, we will examine the report’s findings, focusing on the importance of strong API security measures and how Salt Security’s API Protection Platform supports them.

Gartner recommendations:

Gartner emphasizes that APIs “especially shadow and dormant ones — are causing data breaches among organizations that, on average, exceed the magnitude of other breaches.”* Security leaders require additional security capabilities to protect their APIs beyond basic but necessary security policy enforcement, such as rate limiting, token validation, session management, and transport security — “especially in industry verticals with high-security requirements.” *

According to Gartner analysts, “start using API protection products to discover and categorize your organization’s APIs. Identify critical APIs that are publicly exposed and provide access to sensitive data. Perform a continuous security posture management assessment over the inventoried APIs to identify and provide recommendations to fix their potential exposures.” * Specialized API protection solutions are essential, especially in industries with stringent security requirements, such as financial services, healthcare, and government.

This report graphic from Gartner outlines where an API protection tool integrates into the API ecosystems with descriptions below covering the main areas of API Discovery, API Posture Management, and API Runtime Protection.  

1. API Discovery: “API protection products automatically identify and create an inventory of the APIs that an organization has produced or are actively being used. Security leaders often mention that the main objective of this exercise is to identify dormant (also known as “zombie”) and shadow (also known as “rogue”) APIs. Both of these types of APIs are problematic because they are not visible to the organization and thus do not abide by the organization’s security policies.”*
2. API Security Posture Management: “The API protection product assesses the inventoried APIs for misconfigurations or unsecure implementations. For example, the API could present sensitive data in URLs, or return sensitive data in response without authentication. Many of the most frequently encountered issues can be found in the OWASP API Security Top 10 list. 5 Tools are also able to create reports for compliance with various regulations.”*
3. API Runtime Protection: “Runtime protection focuses on recognition of patterns of behavior that indicate malicious usage of the API during runtime. For example, an attacker’s incoming request demands data for an account with a number that does not match the account for which the API client is authenticated. The anomaly detection engine is typically trained with datasets of similar attacks and is able to recognize the attack.”*

How Does Salt Security Align With These Recommendations?

Salt Security’s API Protection Platform is AI-infused and designed to address the challenges outlined in the Gartner report. Our platform aligns with Gartner recommendations by continuously and automatically identifying all APIs, including those that are not officially recognized and inactive, providing organizations with a comprehensive visibility of their API ecosystem.

We continuously assess the security status of APIs, identifying misconfigurations, vulnerabilities, and potential risks. Our platform utilizes a first-of-its-kind API Posture Governance engine to offer a variety of pre-built and customizable rules that look across the API ecosystem to ensure APIs meet any kind of regulatory or compliance rules your organization must follow.

Additionally, Salt Security’s platform leverages advanced AI and machine learning algorithms to identify and prevent malicious API activity swiftly. Our solution goes beyond basic legacy API security, providing a strong defense against sophisticated attacks.

The power of the Salt Security API Platform has been proven across our hundreds of customers. We were also the only dedicated API Security vendor to be recognized as a Customers’ Choice in the Gartner Peer Insights™ Voice of the Customer for API Protection Tools. This is a distinction in the API protection tools market and comes directly based on reviews from our customers.  

A couple of highlights from the report are:

• 96% of respondents are willing to recommend Salt Security as a API Protection Tool
• Salt Security has the highest number of 5 star reviews at 77% of respondents
• Salt Security recognized with a Customers’ Choice distinction for overall experience and user interest and adoption

To get your own copy of the report “Gartner Report – Voice of the Customer for API Protection Tools” click here.

As APIs continue to play a pivotal role in digital transformation, it’s crucial to prioritize their security and prevent a breach that “leads to at least 10 times more leaked data than the average security breach.”*

The Gartner Market Guide for API Protection is a valuable resource for security leaders, emphasizing the importance of robust API security measures. Salt Security’s API Protection Platform aligns with Gartner recommendations, offering organizations the tools and capabilities needed to protect your APIs and safeguard these critical assets.

If you would like to learn more about Salt and how we can help you on your API Security journey through discovery, posture management and run time threat protection, please contact us, schedule a demo, or check out our website.

‍

‍_{*Gartner, Market Guide for API Protection, Dionisio Zumerle, Aaron Lord, Esraa ElTahawy, Mark O’Neill, 29 May 2024}

_{Gartner, Voice of the Customer for API Protection Tools, Peer Contributors, 25 April 2024}

_{GARTNER is a registered trademark and service mark, and PEER INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.}

_{Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.}

_{This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Salt Security.}

*** This is a Security Bloggers Network syndicated blog from Salt Security blog authored by Eric Schwake. Read the original post at: https://salt.security/blog/a-salt-security-perspective-on-the-2024-gartner-r-market-guide-for-api-protection