Edgio announced the availability of its new API Security solution that uses machine learning (ML) to discover and protect enterprise Application Programming Interfaces (APIs) from evolving threats. The latest addition to Edgio?s Security platform reduces the risk of API-specific attacks and through simple integration with developer workflows enables strong application performance and accelerated application release velocity. The rapid growth of APIs used to build microservices in cloud-native architectures has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have.

With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical attack surface for hackers. Edgio uses ML to inspect both application traffic patterns and content to ensure API endpoints are discovered, managed and secured. The launch of the Edgio solution comes at a time when API abuse is on the rise.

According to the Veracode State of Software Security 2023, 74% of applications scanned in 2023 were found to have a high severity vulnerability. Available immediately to customers worldwide, Edgio is delivering this service as part of its fully integrated, holistic Web Application and API Protection (WAAP) solution for greater visibility with less complexity, giving customers the ability to respond to threats quicker. With its ML-powered API discovery capabilities, enterprises can easily onboard API endpoints on the Edgio platform via OpenAPI, and enforce encryption, API rate limiting, and other controls across identified APIs without tedious manual processes or bolt-on solutions.

This ensures consistent security practices and mitigates the risk of unauthorized access or data breaches from unknown or hidden API endpoints. In addition, Edgio now offers a positive security model via API schema validation to ensure that only API requests with the proper specifications are allowed access while mitigating invalid API requests. APIs rely on structured data formats, such as JSON, to communicate information between systems. The positive security model allows customers to verify that the data being transmitted adheres to the defined structure and format via standard OpenAPI specs, preventing malformed or unexpected data from causing errors or the exploitation of security vulnerabilities i.e., SQL injection attacks.

It also prevents malicious API calls from overloading the application by filtering them out at the point of origin. As part of Edgio?s Dual WAAP, the solution allows DevSecOps to test and validate API schema changes in production via an additional audit profile to lower the risk of blocking legitimate traffic and decrease the mean time to resolution (MTTR) with faster testing. Rule changes can be deployed across the entire network in under 60 seconds to close the door on attackers.