Home Marketing LP – Main Innovation Insight for API Protection
Applications
gartner-logo

Innovation Insight for API Protection

According to Gartner, “Web API traffic and attacks are growing in volume and severity. New approaches complement traditional web application security measures with specific API security functionality. Security and risk management leaders should identify when to seek this added protection.”

The Gartner report also states the following recommendations that to protect their APIs, security and risk management leaders should: 

  • Start by discovering and categorizing your APIs. Perform threat modeling to identify the specific security mechanisms required to mitigate your risks.
  • Assess the API protection provided by your current WAAP or gateway. If your risk mitigation requires additional API protection, investigate API security specialists that can provide an additional layer of protection.
  • Address the security analysis workload that behavioral anomaly detection may generate by using either an internal security operations center (SOC) or a managed service.
  • Perform an application security testing (AST) or penetration testing exercise to uncover business logic issues that may otherwise remain hidden.
whitepaper
Figure-illustrating-the-three-main-families-of-capabilities-for-API-protection-namely-discovery-posture-management-and-runtime-protection-target-min

“Through 2025, at least 70% of organizations will deploy specialized runtime protection only for the public-facing APIs they produce, leaving other APIs unmonitored and lacking API protection.”

Dionisio Zumerle; Jeremy D’Hoinne; Mark O’Neil
VP Analysts

gartner-logo

Secure Your Organization’s APIs

 Discover, manage, and protect every API to stay ahead of the increasing volume and severity of web API traffic and attacks.

Gartner® API Security: What You Need to Do to Protect Your APIs, Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, Refreshed 13 January 2023, Published 28 August 2019

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.