Express Computer

Home  »  News  »  Latest F5 research reveals one in five APAC organisations look to AI/ML-powered solutions to tackle API security challenges

Latest F5 research reveals one in five APAC organisations look to AI/ML-powered solutions to tackle API security challenges

News
By Express Computer
0 59

APAC organisations are increasingly relying on artificial intelligence and machine learning (AI/ML) enabled solutions to tackle a wide array of security challenges around Application Programming Interfaces (APIs), according to F5’s (NASDAQ: FFIV) inaugural 2024 Strategic Insights: API Security in APAC report. The report examines the challenges and opportunities in API security in Asia Pacific (APAC), as APIs continue to power the region’s digital experiences.

With APIs increasingly being the point of attack for cybercriminals, one in five APAC organisations have adopted AI/ML technologies to detect and mitigate sophisticated threats, such as server-side request forgery (SSRF), that may be overlooked by traditional security measures. API Gateways (20%) are also widely adopted by organisations across the region for strong access control and to mitigate a broad spectrum of vulnerabilities such as unrestricted access to sensitive business flows.

“Applications have become the front door to cybercrime, and cybercriminals increasingly use APIs as the key. Across the APAC region, we have seen more attacks, with increasing speed, scale and sophistication as cybercriminals leverage AI-powered tools,” said Mohan Veloo, Chief Technology Officer for Asia Pacific, China and Japan, F5. “As such, protecting API connections and the data that runs through them has become the critical security challenge for APAC organisations, especially with many looking to deliver AI.”

“In India, we are currently witnessing a huge rise in application-based businesses, opening new avenues for cyber attackers, which has led to the rising demand for cybersecurity solutions. Businesses are prioritising investments in security infrastructure, to ensure protection for their applications. According to our 2024 Strategic Insights: API Security in APAC report, the majority of Indian businesses are prioritising API security testing, access control, and runtime protection for comprehensive API security,” said Pratik Shah, Managing Director of India and SAARC, F5. “At F5, we strive to understand our customers’ challenges through surveys, offering insights and solutions to help IT decision-makers build a strong security foundation; this report of ours is evidence of the same. The insights in this report offer a strategic overview of API security challenges and opportunities, enabling us to help our customers align challenges to solutions.”

“APAC organisations are facing unique API security challenges that differ significantly from global OWASP rankings. The research highlights the pressing need for tailored security measures to address specific risks such as Broken Authentication, Server-Side Request Forgery, and Security Misconfiguration. Countries like Malaysia, New Zealand, South Korea, and India are prioritising these issues, reflecting the diverse API adoption patterns across the region. It’s clear that a focus on robust testing, strong access control and continuous runtime protection is essential for a holistic API security approach in APAC,” said Manoj Menon, Founder and CEO at Twimbit.

While APAC organisations look to protect their APIs during runtime, many also increasingly recognise the importance of guarding APIs right from development. Having robust code security standards and practices (17.5%) has emerged as a fundamental strategy among the region’s organizations to guard APIs against a broad range of complex vulnerabilities, from Broken Object Level Authorisation and Security Misconfiguration issues to SSRF.

“Today, API security is more important, but also more complex than ever. Findings from our report clearly show that more organisations are shifting left along the API lifecycle, while still attempting to shield right. F5 is bringing advanced API code testing and telemetry analysis to F5 Distributed Cloud Services, creating the industry’s most comprehensive and AI-ready API security solution. F5 Distributed Cloud Services can offer API discovery, testing, posture management, and runtime protection, all in a single platform, allowing organisations to gain true visibility and security from code to cloud,” Veloo added.

Some key India findings from the 2024 Strategic Insights: API Security in APAC report include:
Rising Security Concerns around Broken Authentication (API2) and Server-Side Request Forgery (SSRF):

Broken authentication: Broken Authentication has been marked by 15% of respondents as a top concern, aligning with the APAC average of 15%. The prevalent use of Webhooks (37%) and REST APIs (43%) necessitates strong authentication mechanisms to prevent unauthorised access. Securing authentication processes is vital to protect user identities and sensitive data.

Server-side request forgery (SSRF): It is also a significant concern in India, with 15% of respondents indicating it as a top issue, compared to 13.8% in APAC. The high use of GraphQL (40%) and SOAP (37%) protocols highlights the importance of validating user-supplied URLs to prevent SSRF attacks. Implementing robust validation mechanisms is essential to safeguard against malicious requests.

India prioritises API security testing, access control, and runtime protection for comprehensive API security: In India, API Security Testing is the highest priority, with 57% of respondents marking it as a top concern, exceeding the APAC average of 52%. API Access Control, including Authentication and Authorisation, is another critical priority, highlighted by 47% of respondents, slightly above the APAC average of 46%. The significant use of Internal (67%) and Public (57%) APIs emphasizes the need for robust access control mechanisms, aligned with OWASP API2 and API5. Additionally, API Runtime Protection is crucial, with 43% of respondents marking it as a top concern compared to 36% in APAC, driven by the high use of Internal (67%) and REST (43%) APIs.

Significant adoption of Code security solutions: Code security solutions are the most adopted API security solutions in India, with an 18.0% adoption rate. This highlights the importance of secure coding practices and static code analysis to prevent vulnerabilities from being introduced during the development phase. By integrating code security solutions with AIML technologies, businesses can proactively identify and address potential security issues, ensuring a secure API environment from the ground up.

Critical role of API gateways in API security: API Gateways play a crucial role in India’s API security strategy, with a 16.5% adoption rate. The use of API Gateways helps manage and secure API traffic, providing essential controls for access and consumption, which is critical given India’s significant use of RPC (43%) and REST APIs (43%).

Adoption of AIML solutions for comprehensive protection: AIML solutions are another key focus for India, with a 16.5% adoption rate. The rise in the adoption of AIML solutions demonstrates India’s proactive approach to leveraging advanced technologies for comprehensive threat detection and prevention, ensuring robust security measures across dynamic API environments.

To evaluate the current landscape of API security in APAC, Twimbit conducted research on behalf of F5 in H1 of 2024, surveying 297 professionals from various sectors, including security, DevOps, SecOps, and application development. Respondents were distributed across 11 APAC markets: Australia, China, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Singapore, Taiwan, and Thailand.

Get real time updates directly on you device, subscribe now.

Express Computer

Express Computer is one of India's most respected IT media brands and has been in publication for 24 years running. We cover enterprise technology in all its flavours, including processors, storage, networking, wireless, business applications, cloud computing, analytics, green initiatives and anything that can help companies make the most of their ICT investments. Additionally, we also report on the fast emerging realm of eGovernance in India.

You might also like More from author
Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
Powered by Convert Plus

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image