GenAI has the promise to transform companies, and introduce a lot of security risk.
One of the main benefits of GenAI relates to the modernization of apps. Most companies are going through some type of app modernization. They are responding to the market by delivering better and better experiences to their customers. This is largely done through the experience people have with their apps. This ranges from banking to healthcare to travel and everywhere in between. At the core of this modernization are APIs. APIs essentially power modern applications. We visualize this in the image below.
Most modern apps are a collection of APIs working in a coordinated fashion to deliver a positive end-user experience.
But how do you develop modern apps in modern times? It’s a challenge for developers to keep up with demands. But it gets even more challenging for them when they have to learn multiple languages and frameworks. No one can be an expert in everything.
When you combine the relentless march to improve customer experiences as fast as possible through the constantly changing and updating apps, you have a perfect storm of a problem that needs a solution.
That solution is GenAI. GenAI helps developers create code at a super fast pace and volume. This is great for business. It is a nightmare for security teams. Here’s a recent ad that IBM did on how to help developers in their jobs. They use Watson X Code Helper. Again, great for developers. Big challenges for SecOps, DevOps and compliance teams.
Remember the three parts of the API Security Journey: Continuous discovery of APIs, Posture Assurance (combined with discovery creates Posture Governance) and Threat Protection.
As code is developed with GenAI, the speed and volume make it impossible to keep up in these areas. APIs are developed and pushed out quickly but how do you keep up with knowing what you have? At the same time, you have policies that you’ve put in place or may be industry policies you need to keep up with. How can you keep up if you are being bombarded with new APIs or versions of those APIs daily? Of course the last step in the journey is better known but still is a challenging step. With new APIs coming in all of the time, how can you sort through billions of API calls every month to pull out the ones that are malicious?, It’s impossible to keep up and protect yourself.
Until now.
Today, we are introducing Salt’s new AI-infused API Security Platform powered by Pepper, our AI brain.
This new platform infused AI throughout each stage of the API Security Journey.
- Enhanced API Continuous Discovery: At the outset, Salt Security’s AI engine excels in the discovery phase by acting as an exhaustive investigator across the application landscape. It leverages machine learning to automatically detect all APIs, including those that are undocumented or embedded within microservices, ensuring comprehensive visibility over the network, leaving no API hidden and vulnerable. This level of comprehensive discovery is unparalleled in the industry, ensuring that no API remains unnoticed or vulnerable. While APIs are continuously created at speed by GenAI, the Salt Platform continually analyzes the API ecosystem to ensure the inventory is up to date.
- API Posture Assurance: Moving to the next phase, Salt Security employs its AI-driven Posture Governance to monitor and analyze API configurations proactively. This AI system is adept at identifying deviations from security best practices and highlighting insecure configurations. By maintaining continuous surveillance, Salt Security aids organizations in upholding a robust API security posture, thus preventing potential breaches.
- Robust API Behavioral Threat Protection: In the crucial phase of threat detection, Salt Security’s patented Behavioral Threat Protection comes into play. The AI system analyzes API traffic in real-time, drawing from extensive datasets of known attack patterns. It is capable of detecting anomalies, suspicious activities, and potential zero-day exploits. Moreover, its adaptive learning algorithm, which evolves based on new data and past incidents, provides a dynamic and robust defense mechanism that is critical in today’s fast-paced threat environment.
In addition to the API Security, we also use Pepper to power our knowledgebase. And we use Pepper to help guide people in the product to perform certain functions they may need making the Salt API Security Platform intuitive and easy to use.
We are excited to bring another innovation to the category we created six years ago. And we’re not resting. You’ll see more from us this year as we continue to outpace our competition and solve the real problems our customers are facing.
We are very proud of this achievement and what it means for our current and future customers and partners. To learn a little more, please join us for webinar where we’ll discuss more in depth by registering here.
*** This is a Security Bloggers Network syndicated blog from Salt Security blog authored by Michael Callahan. Read the original post at: https://salt.security/blog/enabling-genai-with-ai-infused-api-security