FireTail at SecOps Vision for 2024

FireTail CEO Jeremy Snyder speaks about the importance of API security at SecOps Vision for 2024.

FireTail at SecOps Vision for 2024

SecOps Vision for 2024, powered by Techstrong Learn, gave industry professionals the opportunity to connect and share security strategies. The virtual event was attended by a diverse range of cybersecurity practitioners and leaders who are pushing the boundaries of SecOps practices to form effective, innovative security teams.

FireTail CEO, Jeremy Snyder, was pleased to provide the assembled audience with insights into the importance of API security at the intersection of cloud and application security.

Key points covered in the talk:

  1. The critical role of APIs: APIs facilitate communication between applications, accounting for about 83% of all internet calls today. API calls transmit sensitive information like personal details and payment data across multiple parties in various transactions, making them a significant security concern.
  2. APIs as the primary attack surface: With APIs becoming the most prevalent attack vector, focusing on API security is crucial. APIs account for approximately 90% of web app attack surfaces and over 70% of modern breaches involve APIs.
  3. Risk factors and challenges: Top risk factors in API security are authentication and authorization. Another big challenge is that developers often get ahead of security, leaving security teams behind.
  4. Addressing API security challenges: A security posture management that involves discovering, observing, and assessing APIs against security best practices is crucial for API security. Developers should also be educated about about security considerations in API design.
  5. Evolution of cloud security: There's been a shift in cloud security breaches over the years, from initial misconfigurations (like open S3 buckets) to attacks leveraging APIs to gain access and move laterally within cloud environments.
  6. Role of API Ops in enhancing security: API Ops can bolster security monitoring API design and usage, collecting telemetry data, ensuring the conformity of request and response patterns, and reducing excessive data exposure.

Jeremy's talk provides insights into the evolving landscape of API security, and emphasizes the need for a proactive approach to secure the burgeoning API-centric development paradigm.

A big thank you to the team at SecOps Vision for 2024 and we look forward to seeing what the next year of API security has in store for us!