Google launches Advanced API Security

Google launches Advanced API Security

Google today announced a preview of Advanced API Security, a new Google Cloud product that detects API threats. Built on Apigee, Google’s platform for API management, the company says that users can start requesting access today.

Short for “application programming interface,” API usage has been on the rise, but so have their attacks. To this end, Advanced API Security specializes in two tasks: identifying API misconfigurations and detecting bots. 

By regularly assessing managed APIs for configuration issues, Advanced API Security uses pre-configured rules to identify malicious bots within API traffic. Each rule marks a different type of unusual traffic from a single IP address; if an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot.

“Misconfigured APIs are one of the leading reasons for API security incidents. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process is time-consuming and requires considerable resources,” Vikas Ananda, head of product at Google Cloud, said in a blog post shared ahead of the announcement. 

He continued: “Advanced API Security makes it easier for API teams to identify API proxies that do not conform to security standards. Additionally, Advanced API Security speeds up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code.”

If you see something out of place or would like to contribute to this story, check out our Ethics and Policy section.