The document discusses monitoring and responding to API breaches. It notes a large increase in API traffic and attacks in recent years as companies increasingly leverage APIs. Responsibility for API security is often unclear as it involves multiple teams. Many companies secure APIs the same way they secure web applications, which can be insufficient. The document recommends establishing API discovery, threat monitoring, integration with security platforms, and log retention to aid in prevention, detection during incidents, and post-incident forensics. Tools like WAFs, API gateways, and testing can help, but a holistic approach across the development lifecycle is needed to properly secure APIs.

1. Monitoring and Responding
to API Breaches
API SECURE 2022
Carolina Ruiz
Brier & Thorn

2. THE
THREAT
LANDSCAPE
Companies are leveraging APIs more frequently. With
a total increase of API traffic of 321% (Salt Security,
2022) in comparison to last year.
With the majority of the companies cite
• Development Efficiencies/ Standardization
• Platform System Integrations
• Cloud Migration
As the main drivers behind the use of API.
In 2021, a total increase of 681% (Salt Security. 2022)
of attack traffic for APIs was detected.
“Gartner predicts that by 2022,
application programming interface (API)
attacks will become the most-frequent
attack vector...” Companies are struggling to keep up with the
deployment of APIs unable to perform security testing
fast enough .
A narrow view on API Security, viewing prevention
as the only security strategy.

3. THE
THREAT
LANDSCAPE
Platform or Product Team ,
2% Other , 1%
DevSecOps, 12%
DevOps, 11%
Developers, 29%
AppSecTeam , 21%
API Team , 14%
Infosec , 10%
A multi- department approach is needed to tackle
all of the challenges with API security.
Efforts to fill in the gaps in knowledge regarding
API security is necessary for all teams involved.
Companies are struggling to define responsibilities
for API Security.
41% Companies secure their APIs in the same way that
they secure their web applications (Dark Reading,
2021)

4. WHAT
ABOUT
MONITORING
PREVENTION RESPONSE FORENSICS
Before the Incident During the Incident After the Incident
API Discovery Behavior and Analytics
Identify your business as usual
Threat Monitoring
Log and identify malicious activity
Integration
Consolidate to a security platform
(e.g. SIEM, XDR)
Use Case Creation
e.g Create alarms based on
applicable use cases.
Log Retention
Historical logs will prove critical
during forensics effort.
Shadow API: APIs that existing outside
of the official maintenance processes.
Zombie API: Forgotten APIs
T O O L S 1 0 1 T O O L S +
CDN/
ADC
WAF
API
GATEWAY
Helps with latency, reliability and traffic spikes and
provides some protection against volumetric DDOS
Attacks
Will provide protection against application layer
attacks such as SQL injection, cookie poisoning and
cross-site scripting (XSS).
Supports companies in routing API request,
aggregating API responses etc.… whilst protecting
against an array of vulnerabilities. (e.g. Invalid input)
Dynamic and Static Application
Test
API Penetration Testing

5. Q&A
www.brierandthorn.com
www.linkedin.com/company
/brier-&-thorn
@brierandthorn
www.brierandthorn.com.mx
https://mx.linkedin.com/company/b
rier-&-thorn-mexico-s-a-p-i-de-c-v
@BrierandThornMX
Brier & Thorn Inc. Brier & Thorn México Carolina Ruiz
www.linkedin.com/in/carolinamruiz
@RuizCarolinaM