Upwind Extends its Runtime-Powered Cloud Security Platform with API Security - Upwind | Cloud Security Happens at Runtime

Upwind

By Jonathan Cohen - Vice President, Product

---

www.upwind.io/feed/upwind-extends-its-runtime-powered-cloud-security-platform-with-api-security

In the first month of 2024, 1 in 4.6 companies worldwide were impacted by attempts to attack web APIs, a 20 percent rise from the previous year. As API attacks increase, API security is rapidly becoming a focus point for organizations.

Upwind API Security answers this by providing API Security from within our unified Cloud Security Platform, automating API protection for organizations.

Upwind’s API security helps you protect your APIs in three main ways:

1. Discover Your API Catalog

   Gain unparalleled insights with rich context around API resources and endpoints, including:

   • Internet Exposure: Assess the level of exposure of each endpoint to the internet, aiding in strategic decision-making.
   • Actual Internet Ingress Communication: Discover if an API is continuously getting requests from the internet, exposing it to external risk.
   • Drift Detection: Easily identify whether an endpoint is documented in the docs/specs, ensuring transparency and compliance.
   • Sensitive Data Classification: Obtain insights into the sensitivity of data handled by each endpoint.

2. Identify API Vulnerabilities

   Identify and prioritize your most critical API vulnerabilities with runtime insights, including:

   • OWASP Top 10 Coverage: Focus on the most critical API vulnerabilities outlined by OWASP for comprehensive protection.
   • Test-Based Vulnerability Identification: Leverage rigorous testing methodology to identify and address vulnerabilities, ensuring a proactive security stance.
   • Automated Scans: Continuously automate scans for ongoing vulnerability assessments, reducing manual effort and ensuring real-time protection.

3. Stop API Threats in Real Time

   Upwind API Security brings to you smart threat detection that monitors API traffic in real-time, ensuring that any unusual activity is spotted immediately by:

   • Real-Time Monitoring: Continuous, real-time monitoring of API traffic for immediate threat detection.
   • Behavioral Analysis: Advanced algorithms to identify anomalous patterns indicative of potential threats.
   • Automated Response: Integration with automation workflows for prompt response to identified threats.

---

The Upwind Edge: eBPF-Powered Real-Time Analysis

The core of Upwind API Security's competitive edge is our innovative use of eBPF for our sensors, allowing us to deliver real-time analysis of API requests directly within the runtime environment. Unlike more cumbersome methods such as external resources or mirroring requests, our eBPF-based approach means faster, more efficient threat detection with minimal overhead.

---

Upwind API Security’s Key Advantages include:

• Zero Latency Analysis: Analyze real-time API requests without impacting system performance.
• Resource Efficiency: No need for external mirrors or complex provisioning, simplifying deployment.
• Immediate Actionability: Gain real-time insights, enabling immediate response to potential threats.

---

Want to learn more? Stop by booth #601 at Black Hat Asia for a demo of Upwind API Security in action.