API security company Wallarm announced Frdiay that it had opened a preview period for its newest offering — an active scanning system that checks through public sources of compromised API data, alerts users, and provides automated responses if a compromise is detected.
The API Leak Protection feature, which will be deployed via Wallarm’s existing End-to-End API Security platform, takes advantage of that platform’s inventory of a given organization’s APIs. The system checks those APIs against compromised data found in known public sources of leaked API information — Pastebin, public repositories, and even dark web sources. It then revokes all access to requests made with compromised tokens, and blocks future requests from using them.
The approach, according to Ivan Novikov, Wallarm’s CEO, diverges from the usual approach to API compromise detection.
“Instead of starting with a specific API key or key pattern and trying to boil the ocean, we start by understanding the API specs & traffic from a specific customer/company,” he said in email. “From this, we learn what and how API keys and other secrets are being used.”
Cyberattacks target compromised API data
API security is a crucial consideration for almost all businesses in 2023. The increasingly software-dependent nature of IT operations, with the shift to the cloud, devops and the rise in operational tech like IoT, means that more and more systems are vulnerable to software-based attack techniques that target compromised API data. Wallarm, in a company blog post, noted that several factors are exacerbating that problem, including tighter schedules for engineering teams, increasingly complicated technology stacks that can contain a mix of older and new API technology, and enormously complicated software supply chains.
“Leakage of API keys and other secrets can happen for many reasons — due to developers’ mistakes, missing repository access controls, insecure use of public services, and data disclosure accidents by contractors, partners and users – which makes it extremely difficult to manage and protect against,” Wallarm said. “It’s important because such leaks can pose a significant security threat to companies, as they can expose sensitive information, lead to account or system takeover, or worse.”
Attacks of this type have already made headlines. Slack suffered a minor compromise of its externally hosted code repositories due to employee tokens being stolen in December 2022, and technical data was stolen from LastPass in a similar way last year, as well.
Existing Wallarm customers can reach out to their support representative or account manager to be included in the early access program for Leak Protection. It’s priced based on request volume. The company said that the product will be made generally available in response to customer demand and positive feedback, which Novikov said will likely be “a couple of months.”