Upwind Security unveils feature for safeguarding APIs
Upwind Security has announced a new feature for automatic discovery and classification of sensitive data flows within its API Security suite.
The latest addition to the company's platform aims to assist organisations in proactively identifying and securing sensitive data transferred through APIs, thereby bolstering data protection and mitigating risk. This development comes amid a marked increase in cyberattacks targeting APIs.
Recent research conducted by CheckPoint has found that attempts to attack Web APIs have surged by 20% in 2024, impacting one in every 4.6 organisations weekly. Upwind's new feature is designed to address this growing threat, providing the means for organisations to safeguard their most sensitive information.
Upwind's solution will automatically track and classify sensitive data routes, categorising them based on PCI (Payment Card Industry), PII (Personally Identifiable Information), and PHI (Protected Health Information) standards. The feature detects sensitive data patterns at the packet level, ensuring that such information remains protected and does not leave the customer's environment.
Specifically, Upwind assigns a sensitive data tag to API requests containing such data and classifies these by type, such as PCI for credit card numbers or PII for personal identifiers. This function is powered by Upwind's eBPF-based sensor, which simplifies the identification of elevated risk areas for security teams.
The use of eBPF technology allows Upwind to eschew costly traditional methods like traffic mirroring or dependence on static API definitions, which can be outdated or incomplete. This advancement is integrated with Upwind's existing capabilities, which analyse workload behaviour to secure against API-related threats and attacks effectively.
Through dynamic cataloging and real-time mapping of APIs, along with analysis of actual traffic, Upwind's API Security solution provides substantial visibility with minimal performance impact. The automated tracking within this feature allows organisations to better understand and prioritise security risks associated with API data flows, facilitating quicker remediation and a proactive stance in sensitive data security.
Amiram Shachar, Upwind's Co-Founder and CEO, commented, "Upwind's API security for sensitive data flows was designed to empower security teams by cutting through the noise and zeroing in on the most critical risks. As API traffic continues to surge, it's crucial that organisations have the tools to not only identify vulnerabilities but also address them before they lead to breaches. Our goal is to provide a clear path to securing sensitive data in real-time, helping businesses stay ahead of an increasingly complex threat landscape."