fbpx

RSAC 2022 has officially concluded and the Traceable AI team is excited to have participated. We met with so many innovative companies and security professionals, provided world-class demos, and made some new friends along the way! As we reflect on what we’ve learned, we want to share some API Security takeaways gained from the conference floor.

API Security Takes Center Stage

This year’s RSA Conference was the first time that API Security became a primary focus. We heard from many security executives that API discovery and risk posture management were top concerns – they simply had no idea how many APIs they had in their environment, and therefore did not know about their potential API attack surface risk. 

We also found that other API security vendors neglect looking at risk exposure within their API discovery capabilities. They’re simply providing an inventory, rather than provide security teams with the relevant data about those APIs, such as sensitive data exposure and risk scores, so they can make better security decisions. 

This affirmed our recent announcement of API Catalog, including automatic and continuous API discovery for comprehensive visibility into all APIs, sensitive data flows, and risk posture assessment — even as your environment changes.

API attacks were also a top concern for security professionals. Everything from brute force attacks, to BOLA, API abuse, fraud, bot mitigation and data exfiltration were discussed — and many openly admitted to experiencing an incident in the past 90 days. 

These conversations validated Traceable’s approach to API security, as we provide a unified platform that secures all APIs from build, through deployment and into runtime. 

In fact, we’ve worked toward building a comprehensive API Security Framework to help organizations determine what’s needed to secure their APIs.

We’ve organized these framework capabilities into the following high-level categories:

  • API Discovery
  • API Security Posture
  • Runtime protection
  • Security Insights
  • Secure API Development

We encourage you to read the framework as a first step in establishing API security within your organization.

Reducing Complexity Remains Top Focus

Consolidation was another major theme at this year’s RSA conference, with many vendors recognizing the need to eliminate tools and point solutions, in favor of unified platforms that help simplify the complexity of security environments. It’s become imperative to security professionals to reduce the number of tools they rely on. 

This is due to several reasons – primarily because of risk. When there are hundreds of tools stacked on top of each other, it can make it that much more difficult to find where a data breach originated. This has been well documented (and experienced) by both CISOs and analysts alike. 

Another reason is that the security industry is still experiencing a shortage of skilled information security professionals. They simply need to do more with less. Retaining their current employees is also a challenge. Leveraging more holistic solutions that can deliver multiple capabilities can help companies simplify, centralize, and ease the burden on security teams. While consolidation can be a long-term project with large architectural shifts, it ultimately reduces complexity, leverages commonalities, and minimizes management overhead -– all huge areas of concern for security teams.

Financial Services Risk Management

Conclusion

As we start executing on what we learned at RSAC 2022, we want to thank all of the customers and peers who stopped by our booth to say hello and receive demos. We are excited to see you next year with more exciting API security developments and contributions to the cybersecurity industry. See you next year!

Multiple Options to Get Started

Depending on your role and the needs at your organization, we offer multiple options to get started with Traceable AI:

  • If you’re a CISO or DevSecOps security leader and want to evaluate your API security risks, try our API Security Posture Assessment
  • To start your journey, sign up for our Free Tier and learn all about your APIs — internal, external, third-party, and even the shadow or rogue APIs you may not even be aware of.
  • If you want to compare different API security solutions in the market, check out our API Security Tools comparison guide.
  • You can also view a demo or book a meeting to learn more and ask your questions on how Traceable can meet your API security requirements. 

Recommended reads.