
Apiiro + Akamai technical alliance: Complete code-to-runtime API security

Company News, Product | January 16 2024

We’re thrilled to announce our technical alliance with Akamai to deliver complete, code-to-runtime API security with one seamless integration. We’re connecting the power of Apiiro’s application security posture management (ASPM) platform and Akamai’s runtime API security to seamlessly secure APIs from code to production.

Why Apiiro + Akamai?

Deeply rooted in the cloud, Akamai’s API Security continuously monitors API network traffic to discover APIs, identify vulnerabilities, and detect threats and logic abuse. Enhanced with advanced threat detection using AI and behavioral analytics, Akamai enables organizations to know exactly what API risks exist in runtime.

Apiiro’s code-based approach to API security testing is built directly into our ASPM platform, leveraging deep code analysis technology to create a complete inventory of APIs, surface potential API risks, and connect APIs and their risks to their source and owner in code. Apiiro also monitors for material changes made to APIs in code, helping to trigger threat models, security code reviews and penetration testing based on potential risks. 

This integration augments Apiiro’s code-based API security capabilities, enabling mutual customers to ingest runtime findings from Akamai API Security and get the code-to-runtime API context needed to:

  • Reduce the mean time to remediation (MTTR) of critical API risks to your business.
  • Prevent API weaknesses from being deployed to production, saving valuable time by addressing risk proactively rather than reactively.
  • Modernize your application risk assessment processes that are based on self-attestation questionnaires by proactively triggering reviews based on risky material API changes in code.
  • Prioritize business-critical API security issues, reduce false positives, and save time triaging backlogs and fixing risks. 
  • Minimize API security testing gaps and ensure more complete coverage.

Correlation of runtime Akamai findings to their root cause

Runtime API security solutions like Akamai API Security give security teams real-time detection of vulnerable APIs and business logic abuse. But when an API vulnerability is detected, tying it back to the code and the person or team responsible for fixing it can be easier said than done. 

This integration makes that process smoother so that when API risks are detected in Akamai, security teams now have full visibility into code context from Apiiro—including the root cause, the repository it’s located in, the specific line of code, and the associated code owner.

Layering runtime and code context gives application security and development teams an accurate understanding of what is a real risk and ultimately helps reduce the mean time to remediation (MTTR) of critical API risks to your business.

Complete code-to-runtime API discovery

With our deep code analysis, Apiiro continuously inventories all APIs and data models and audits all activity in repositories to detect new and material changes to APIs and surface weaknesses before they’re committed or deployed. Powered by our Risk Graph, Apiiro can also highlight APIs connected to sensitive data (i.e., PII, PCI, PHI) or other security weaknesses.

This level of code-based visibility and ability to discover API components vulnerable to misconfigurations, code logic flaws, design flaws, and common coding errors is an important complement to runtime API security.

Having code-to-runtime visibility of your API estate helps not only discover shadow APIs but also enables developers to prevent API weaknesses from being deployed, saving time spent reactively addressing risk. Apiiro’s proactive approach also helps modernize your risk assessment processes and proactively trigger security reviews based on risky material API changes in code.

Prioritization of API risks in code with runtime context from Akamai 

Determining whether an API weakness in code is actually risky to your organization, and to what degree, depends on the risk's likelihood (e.g., a risk in a publicly exposed API is more likely to manifest as a real risk) and its impact on your business (e.g., an API handling sensitive data has a greater potential impact).

By connecting Apiiro’s deep contextual knowledge of code and insight into API behavior and threats in runtime from Akamai’s API Security, you can more accurately determine a risk’s likelihood and impact and prioritize business-critical API risks. 

Fusing code and runtime context enables teams to prioritize business-critical API security issues, reduce false positives, and save time triaging backlogs and fixing risks. 

Visibility into API security coverage and gaps

It can be challenging for AppSec teams—especially within large organizations—to know exactly what security testing is being done where. As part of our ASPM and deep code analysis, Apiiro maps security testing coverage, including from Akamai, across all code repositories. 

That coverage mapping, tied to Apiiro’s code-based insights (e.g., handling of sensitive data, number of risky changes), can help dictate where security testing should be done and where gaps exist. For example, you may want to ensure that all high business impact (HBI) applications or repositories containing APIs and sensitive data, which you can surface using Apiiro’s Risk Graph Explorer, are covered by Akamai.

Ultimately, this insight can minimize API security testing gaps and ensure more complete coverage.

Unifying API risk management from code to runtime

Apiiro’s integration with Akamai API Security empowers teams to streamline their API discovery, testing, prioritization, and remediation with continuous and complete visibility of APIs and API risks from development to runtime. This integration is the first step in providing an integrated view of API risks that unifies code and runtime insights so teams can proactively secure their APIs and efficiently prioritize and remediate API risks. 

Read more about the technical alliance on the Akamai blog or get in touch to see the integration in action.

John Leon
Vice President of Partnerships & Business Development
Moti Gindi
Chief Product Officer