Interviews | June 16, 2023

API Sprawl and Governance Are a Huge Security Concern

Fortra | Salt Security | Trend Micro

John Grancarich
EVP, Strategy

Fortra

Q1. How can organizations effectively align ITSM and security practices to ensure an integrated approach to managing and mitigating risks?

All progress starts with partnership and communication. We work with thousands of companies and study how they've structured their security operations to better understand what works and what doesn't. The most successful organizations we work with embrace a three-way partnership between IT, security and business leaders and focus on several key areas together when it comes to driving alignment between ITSM and security. These are:

  • Establish measurable goals and objectives between the three teams – ensure there's a clear understanding of the organization's primary goals and objectives related to risk management. This should also extend to each team to ensure that their own goals are part of the organizational goal discussion.
  • Move security 'left' – the most successful teams we work with incorporate security considerations into upstream ITSM processes, including incident management and asset management.
  • Systematically integrate security controls and processes – prioritize and implement appropriate security controls and measures across ITSM processes and IT infrastructure. The partnership and collaboration will help uncover where to start and in what order to proceed. This can include implementing stronger access controls, improved security monitoring and logging, and more in-depth vulnerability management, as some examples.
  • Review and refine – continuously evaluate and assess the effectiveness of the integration strategy. Regularly review incident data, security incidents, and audit findings to identify areas for improvement and make necessary adjustments to the alignment strategy.
  • Analyze results and report – define KPIs that measure the effectiveness of the integrated approach. Some things will work well, while some won't and will need to be fixed or replaced. Keep learning and improving step by step.

None of this is revolutionary, but by being pragmatic, logical and disciplined, teams can often achieve outsized results when aligning ITSM and security into a cohesive approach.

Q2. What role do you see for AI/ML within the ITIL framework? What are Fortra's plans for leveraging AI and ML in its technologies?

AI/ML is a means to augment and expand capabilities beyond what each of us is capable of. Humans can only process so many signals – machines don’t have this limitation. In the ITIL framework, where do we typically see the most signals? It’s likely going to be in service transition, service operations, and continual service improvement. I think by focusing AI/ML there it becomes a force multiplier and enables the technology teams to invest more of their time in the other stages, in particular service strategy and service design, which of course will then improve the other stages of ITIL implementation as well over time.

Fortra has been incorporating AI and ML into our solutions for some time – we have dozens of ML models in production today. The dawning of LLMs presents us with another set of great tools to learn about and innovate on for our customers. We’re applying AI/ML to score high-speed streaming data in extremely rapid time frames, using neural networks and transformer models for more heavyweight tasks like performing NLP on email subject line text and body content, detecting malicious URLs as well as anomaly detection in general. We think anomaly detection presents a great opportunity to help organizations scale their existing security teams – our own data tells us that approximately 60% of all security signals today are suspicious. By using AI and ML to detect things like high message counts, unusual names or activity, and location anomalies we can create a contextual picture to enable far faster and more accurate decision making.

Q3. What does Fortra plan on highlighting at Black Hat USA 2023? What are the company's plans at the event?

We're showcasing some of our product integrations at Black Hat this year, which we call Bundles. One example is our leading offensive security tools. When customers use these tools together, they can proactively reduce the likelihood of a cyberattack. Our new offensive security bundle combines three levels of capability – vulnerability management, pen testing, and red teaming – for a more robust strategy against threats. This type of layered security approach helps organizations identify and prioritize risk with actionable insights and provides a pathway to remediation.

Come by the booth to find out more about our offensive security solutions including Frontline Cloud, Core Impact, Cobalt Strike, and Outflank. Every visitor that watches a demo receives a free Fortra water bottle.

Nick Rago
Field CTO

Salt Security

Q1. How can AI and machine learning techniques enable better capabilities around API security? What role do you see AI and ML playing not just in API threat detection and automated response mechanisms but also around secure API design and implementation?

Artificial intelligence (AI) and machine learning (ML) have become essential elements of a sound API security strategy. API attacks typically target business logic flaws, and an attack campaign evades traditional pattern- and signature-based detections because the attack pattern, which is typically carried out in a low and slow manner, looks like legitimate API traffic. Machine learning makes it possible to analyze large volumes of API traffic, baseline typical behavior and detect even the most subtle behavioral anomalies. As API behavior models continue to mature and cloud compute capabilities expand, AI unlocks the ability to more accurately predict and understand the intentions of an API consumer and proactively discern and act on malicious intent even in the reconnaissance phase of a threat actor’s attack campaign.

Today AI is already assisting organizations with remedial responses, providing prescriptive security insights and recommendations to API developers and architects based on live API posture and threat analysis. Generative AI is now changing how organizations write code and develop APIs. Embedding past learnings, security best practices and corporate API security and posture governance policies into generative AI coding models will help mitigate a lot of risk for organizations during design and development cycles in the future.

Q2. What were the main takeaways for enterprise organizations from Salt Security's State of API Security Report Q1, 2023? How has the API threat landscape changed over the past 12 months?

Salt Labs analyzed the past year of Salt customer data and found a 400% increase in unique attackers over the last six months alone. In addition, we found that 78% of attacks happened over authenticated APIs. This means the attacks were carried out by threat actors who were authenticated and had authority to use the API. Also of interest were the metrics around insider threats (social engineering attacks, stolen credentials, etc.). The report found that attacks on internal APIs were up dramatically.

API sprawl and governance remained a huge concern. Only 18% of respondents say they are very confident that their API inventories are accurate. The rate of change plays a big factor in this, as organizations continue to update their APIs frequently – 37% of organizations update their APIs at least weekly, up from 32% in Q3 2022, and 9% update their primary APIs on a daily basis. Over three-quarters of respondents listed posture governance and visibility concerns as a top priority, and they listed zombie and shadow APIs as a leading concern.

The Q1 2023 report also revealed that 94% of survey respondents experienced security problems in production APIs in the past year, with 17% stating their organizations suffered a data breach as a result of security gaps in APIs. Not surprisingly, nearly half (48%) of respondents now state that API security has become a C-level discussion within their organization.

These are just a few of the findings.

Q3. What do you expect will be some top-of-mind concerns for customers at Black Hat USA 2023? What do you want them to take away from Salt Security's participation in the event?

The shift in the perception of API security is remarkable over the last 18 months, as it has shifted from a niche security concern to a primary and well-funded security priority for many security professionals and executives. The skyrocketing reliance on APIs for data exchange in modern application design and system integration, along with some very public breaches in recent history, has elevated the significance of securing this expanding attack surface, prompting organizations to allocate dedicated resources and budgets to address API security.

I expect many organizations will be looking to API security thought leaders, like Salt Security, to help formulate a good API security strategy that helps quickly and cost-effectively minimize API security risks without disrupting innovation. API security is a team sport, and there are many different disciplines involved. A good API security strategy creates a flywheel that not only reduces API risk immediately, but also enriches the whole security ecosystem with API intelligence for more proactive, holistic, and long-term risk reduction. At Black Hat, I am excited to share Salt Security’s vision and expertise in this area, and ultimately have the opportunity to help organizations feel confident their APIs are protected so they may continue to leverage API-first principles to rapidly innovate and progress their businesses forward.

Kevin Simzer
Chief Operating Officer

Trend Micro

Q1. Trend Micro's most recent Cyber Risk Index showed that most organizations expect a successful cyberattack in the coming year, though overall cyber-risk itself has declined. Why do you think that might be the case? What's behind the elevated concerns among organizations over cyberattacks?

The Cyber Risk Index (CRI) uses a variety of factors to determine the overall risk score. In the latest edition, while the global score improved to +0.01 and into the “Moderate” range, some areas continue to be of concern. One of these is the expectation of a breach by respondents – although that, too, has improved from 85% to 78%. Over the past few years, this number has hovered around 80%, likely due to respondents believing that breaches are a matter of “when,” not “if.” Malicious actors have time on their hands and can use numerous tactics to gain access to a target network. This emphasizes the importance of identifying breaches as quickly as possible in order to respond effectively. We hope to see the cyber preparedness index component continue to improve and contribute to greater success in incident detection and response.

Q2. How does Trend Micro plan on leveraging artificial intelligence and machine learning in its products? Where do you see the biggest opportunities for AI and ML to make a difference in cybersecurity?

Say hello to Companion! Trend is leveraging generative AI and LLM technology to fundamentally improve the analyst experience. Time is the most valuable currency for defenders. Our approach accelerates daily workflows, improves mean-time-to-understand, and supercharges threat hunting activities to enable analysts to get in front of adversarial activity before a breach can occur.

Users benefit from an always-on assistant, plain-language explanation and exploration of alerts, contextual AI-driven recommendations on mitigation actions, as well as automation of email, help-desk ticketing, and incident reporting communication.

  • Transform plain-language search queries into formal syntax to rapidly generate and execute queries and pinpoint threat activity with speed and accuracy.
  • Rapidly understand the context and scope of “Living off the Land” attacks with Script Investigation Assist.
  • Gain visibility and control over employee use of AI tools with data loss detection and AI application visibility and monitoring.

Companion provides immediate time-to-value and support to security organizations, but the power of generative AI goes beyond assistants. Custom recommendations and automation of risk remediation and threat response unique to the profile and risk thresholds associated with the customer environment present one of the largest opportunities for AI and ML to make a difference. This is inclusive of predictive and continuously updated modeling to better anticipate risks proactively.

Trend is uniquely positioned to deliver the leading AI experience due to the sophistication, breadth, and leadership of our platform — which is the only offering to combine proactive cyber risk management and quantification with the number one XDR solution on the market today. Our dedication to enabling proactive security strategies means our customers are better protected against existing and new and emerging threat activity, tactics, and campaigns including BEC, data disruption, extortionware, ransomware, and more.

The generative AI innovation Trend is introducing to its Vision One platform in 2023 builds on our nearly 20-year history of leadership in AI and ML technologies embedded within our protection, detection, and response portfolio, including cloud app anti-spam, ransomware detection, data stacking correlation, executive profiling and impersonation, and AI-driven phishing detection.

Q3. If there's one thing you would want customers to take away from Trend Micro's participation at Black Hat USA 2023, what would it be?

We remain committed to staying ahead of threats without leaving customers behind. Our hybrid platform is stronger than ever and protects hundreds of thousands of organizations worldwide across clouds, networks, devices, and endpoints.