Just as pants are most likely to split along the seam, enterprises risk holes opening up along the seams between their systems: APIs. The scope of the potential problem is clear, with 78% of engineering teams managing upward of 250 API keys, tokens, or certificates. It makes sense that API leaks are becoming more common — with a reported rise of 681% in 2021 alone — as tech stacks get more complex and software supply chains grow longer.
To help organizations ward off these intrusions, API security company Wallarm recently added a feature called API Leak Management to its End-to-End API Security bundle. Now in early release, the solution will alert you when it detects a leak, allowing security staff to quickly revoke and block the leaked key through a unified interface.
The new capability automates detection, remediation, and control to protect API secrets. It continuously monitors public sources for leaked API keys and resources. If any are found, the software revokes the key and blocks requests that reference it across the client's entire presence. API Leak Management then continues to automatically monitor and block future attempts to use leaked secrets.
Numerous high-profile breaches in 2022, including those at CircleCI, Twitter, and Optus, trace back to losing control of API keys and other secrets. Such breaches cost companies an average of $1.2 million annually, which makes API security imperative for enterprises.
Attackers commonly target API keys and secrets because they provide direct access to the data and infrastructure, according to Ivan Novikov, CEO and co-founder of Wallarm. "Our API Leak Management solution allows enterprise customers to automatically detect and block the use of leaked API keys, providing an additional layer of security for their data to reduce organizational risk," he said in a statement.