Google Cloud's Apigee Unveils AI-Powered Features for Advanced API Security

In line with the annual RSA cybersecurity conference, Google Cloud discloses enhancements to Apigee, its API management and predictive analytics service. Designed to address and prevent business logic attacks, the platform now offers new artificial intelligence (AI) capabilities to bolster API security.

Business logic attacks exploit the design and implementation flaws of an application, allowing threat actors to elicit unintended behaviors. It's often complex to identify such attacks, but they are alarmingly prevalent. A Silver Tail Systems-commissioned study uncovered that between 2011 and 2012, 90% of companies lost revenue due to business logic attacks.

To counteract these sophisticated exploits, Google has integrated AI-driven machine learning models into Apigee. The company claims that these models, based on Google's internal data and available to all Apigee Advanced API Security customers, are sensitive enough to detect even subtle behavior changes, such as an attacker-controlled server altering its activity patterns.

Shelly Hershkovitz, a product manager at Google Cloud, shared in a blog post, “The machine learning models that power API abuse detection have been trained and used by Google’s internal teams to protect our public-facing APIs. The models rely on years of learning and best practices.”

Beyond the machine learning models, Apigee is also introducing dashboards that help to more effectively identify API abuses by recognizing patterns within the vast number of alerts. As Hershkovitz explains, these dashboards attempt to “capture the essence” of attacks and highlight essential features such as the attacker's origin, the number of API calls, and the duration of attacks.

API security is becoming an increasingly important concern as API traffic surges globally. Hershkovitz stated, “With the growth of API traffic, enterprises across the world are also experiencing an uptick in malicious API attacks, making API security a heightened priority.” An end-of-2022 survey (conducted by an API security vendor) reported a staggering 400% increase in API attack volume within just a few months.

The financial implications of such attacks are severe. A comprehensive analysis by Imperva found that API insecurity costs organizations between $41 billion to $75 billion annually. The Open Worldwide Application Security Project's report indicates that small firms, particularly those with under $50 million in revenue, face the highest number of API security events, rendering each breach significantly more detrimental to their financial health.

Google's research reveals that 50% of organizations have experienced an API security incident within the previous 12 months, with 77% of these organizations subsequently delaying the introduction of a new service or application. The key point is that identifying and addressing API abuse incidents in their early stages is essential to prevent long-lasting financial and reputational damage for businesses.

In addition to Apigee, no-code platforms like AppMaster enhance business application development by making it faster, more efficient, and more cost-effective to create APIs, back-end applications, and web and mobile apps using an array of visually designed data models, endpoints, and business processes.

As API security breaches become increasingly common and disruptive, platforms like Apigee, bolstered by AI-driven features, set a new benchmark by empowering businesses to rapidly detect and mitigate API abuse incidents, safeguarding their finances and reputation.