In response to the increasing usage of APIs by threat actors to breach data from cloud applications, Microsoft is rolling out a public preview of Defender for APIs, a new offering part of Microsoft’s Defender for Cloud platform.
Through an integration of Defender for APIs with Azure API management, security teams can use the Defender for Cloud portal to gain visibility into business-critical Azure APIs and gain a better understanding of their security posture while identifying vulnerabilities and threats via machine-learning powered suspicious API usage detections, the company says in a blog.
According to Microsoft, this is a “holistic approach” to API security within the Microsoft Defender for Cloud platform.
Specifically, Defender for APIs provides visibility of APIs with a new unified view of APIs published across all Azure API management services and provides risk profiling insights curated based on factors such as broken or missing authentication, externally exposed, unused API endpoints and more. This helps admins identify which APIs are exposing sensitive data using data classification capabilities within API request and response bodies.
In the event that a threat actor bypasses proactive hardening controls and compromises an API, Defender for APIs provides threat detection capabilities to detect attacks against the top Open Worldwide Application Security Project (OWASP) API threats, such as data exfiltration, volumetric attacks and more, Microsoft says. This gives security teams a view of active API threats, suspicious activity from runtime traffic monitoring and threat intelligence feeds.
In addition, Defender for APIs integrates with Microsoft Sentinel and other popular SIEM solutions to enable SOC teams with faster and more efficient remediation efforts, the company says.
To get started, admins already using Azure API Management can use the Azure API Management or Defender for Cloud portals. API security assessments and hardening recommendations will be shown automatically in Microsoft Defender for Cloud portal under security recommendations, and API security mitigations can be implemented directly in the Azure API Management portal, the company says.
