Surface actionable API events, don’t just dump data into SIEM: you should
consider the funnels of data being ingested into your SIEM from the
specialized tooling that is used across the organization. Assign priority
levels based on risk-scoring and correlate events to produce useful signals.
Realistically, this level of analysis and prioritization requires a Big Data
approach, with cloud-scale storage and use of AI/ML to analyze the data at
Salt I API Security Best Practices I 26
scale. Too often, organizations dump all their log and event data into their
SIEM only to find that the SIEM can’t keep up or can’t provide meaningful,
actionable signals. SOC teams quickly get overwhelmed as a result. In some
cases, cybersecurity efforts actually focus on reducing the number of feeds
into the organization’s SIEM so that the SOC can be more effective in their
job of triaging and responding to security events.
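The risk-scoring and correlation step described above, as an added example that is not part of the original whitepaper or any vendor's product code. The feed names, event types, weights, window, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Hypothetical risk weights per event type; tune them to your own API business logic.
WEIGHTS = {"rate_limit_hit": 1, "schema_violation": 2, "authz_failure": 3,
           "sensitive_data_in_response": 4, "object_id_enumeration": 5}
WINDOW_SECONDS = 300                         # assumed correlation window per caller
THRESHOLDS = [(20, "high"), (8, "medium")]   # assumed floors; anything lower is "low"

# Constructed sample events, as three different tools might emit them.
EVENTS = [
    {"ts": 10,  "source": "gateway", "caller": "key-A", "type": "rate_limit_hit"},
    {"ts": 40,  "source": "waf",     "caller": "key-B", "type": "schema_violation"},
    {"ts": 65,  "source": "gateway", "caller": "key-C", "type": "authz_failure"},
    {"ts": 70,  "source": "api_sec", "caller": "key-C", "type": "object_id_enumeration"},
    {"ts": 95,  "source": "api_sec", "caller": "key-C", "type": "sensitive_data_in_response"},
    {"ts": 900, "source": "gateway", "caller": "key-A", "type": "rate_limit_hit"},
]

def score(caller, group):
    """Sum the event weights, multiplied by how many independent tools corroborate."""
    sources = {ev["source"] for ev in group}
    total = sum(WEIGHTS.get(ev["type"], 1) for ev in group) * len(sources)
    priority = next((name for floor, name in THRESHOLDS if total >= floor), "low")
    return {"caller": caller, "start": group[0]["ts"], "events": len(group),
            "sources": sorted(sources), "score": total, "priority": priority}

def correlate(events, window=WINDOW_SECONDS):
    """Group each caller's events into time windows and score every group."""
    by_caller = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_caller[ev["caller"]].append(ev)
    signals = []
    for caller, evs in by_caller.items():
        group = [evs[0]]
        for ev in evs[1:] + [None]:          # the trailing None flushes the last group
            if ev is not None and ev["ts"] - group[0]["ts"] <= window:
                group.append(ev)
                continue
            signals.append(score(caller, group))
            group = [ev]
    return signals

def siem_signals(events):
    """Forward only medium and high signals; low-priority groups stay in bulk storage."""
    kept = [s for s in correlate(events) if s["priority"] != "low"]
    return sorted(kept, key=lambda s: s["score"], reverse=True)
```

On the sample data, six raw events collapse into a single high-priority signal for `key-C`, while the isolated rate-limit and schema events never reach the SIEM queue.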
Summing up the best practices
Enabling API security covers more than ten areas of focus, and each is arguably
just as critical as the next. You may opt to emphasize the sets of best practices where
you already have technology investments or manpower. Frequently, an
organization’s API security strategy focuses heavily on security testing, API
mediation, or network security. You can’t do everything at once, so where do you
start? Some suggestions on how to scope the problem and prioritize activities
include:
● Do security test your APIs, but know that you will also need runtime
protection to catch changes that don’t go through the standard build process
and abuses that testing tools aren’t designed to find.
● Ensure that you are covering all of your environments and your digital
supply chain, which is more than just the APIs mediated by your API
gateways or API management suite.
● If you do nothing else, focus on runtime protection as a way to “stop the
bleeding,” slow down attackers, and buy time for application and API teams.
To avoid being overwhelmed, pick as a starting point the few best-practice areas
that are most familiar. Expand over time to the other sets of best practices, since any
other approach will leave gaps in your API security strategy. Ideally, you should
consider purpose-built API security tooling that addresses the many elements of
API security. API security tooling should be able to offer a range of capabilities
throughout the lifecycle and provide the necessary context to stop attacks and
data exposures for your organization’s unique API business logic.
External resources