APIs increasingly make the world go round, but they are also hugely vulnerable to determined cyber attackers, warns security platform Akto. The California-based start-up, which is announcing $4.5 million seed capital today, thinks it has the answer.
For the uninitiated, an Application Programming Interface (API) is a piece of software that allows two different computer programs to talk to each other — think of a retailer requesting your information from your bank when you pay for something, or a price comparison service that offers quotes from auto insurer websites. APIs are therefore vital as the world is increasingly connected digitally.
The problem, explains Akto co-founder Ankita Gupta, is that cybercriminals like to target these links between different programs. “APIs are constantly pulling data from one place and moving it to another, and they are extremely vulnerable in the process,” she says. “Some of that information may be harmless, but what if it’s your confidential personal information or your payment information?”
It is not an empty warning. A recent report documented a 700% increase in API attack traffic over the past year, while market research specialist Gartner believes APIs will prove to be the most widely used attack vector for cybercriminals by 2022. A recent high-profile breach, exposing 9.8 million consumer data records at Australian telecom company Optus, is widely attributed to an API weakness.
“This is what we’re trying to solve,” Gupta added. “Until now, there has been no automated security solution for API protection – our plug-in-and-play platform closes that gap.”
Akto’s platform offers two crucial services, the company says. First, once installed, it identifies every API that your business is exposed to. One problem many companies have, Gupta explains, is that they simply can’t keep up with all the APIs they’re linked to through relationships with other organizations and developers. Akto will therefore provide an instant directory of these links, instead of IT having to waste precious time trying to keep up with them.
Second, the company maintains a constantly updated list of known API vulnerabilities and weaknesses; its software then scans customers’ APIs for each of these issues and, where it finds them, offers advice on how to rectify them.
In an ideal world, says co-founder Ankush Jain, customers will use Akto’s platform before agreeing to deploy partner APIs — avoiding problems up front. But the platform can also be used to scan APIs already in use for vulnerabilities – and to continue scanning APIs as the list of known vulnerabilities is updated. “It’s better to identify these issues as early as possible,” says Jain. “But you have to keep scanning to stay on top of the problem.”
Akto launched late last year and works with customers on a closed beta basis, although it has already scanned over 100,000 APIs for customers around the world. Part of the appeal, users say, is that the platform can be up and running very quickly, scanning the client’s API exposure within minutes of installation.
The next phase for Akto is the commercial launch. It will operate as a software-as-a-service company, offering a free “community” version of its platform for those who only need limited functionality and have a limited number of APIs. “Team” and “Enterprise” versions of the platform come with a monthly subscription fee.
“We want to launch the largest API security platform in the world in the coming years,” says Gupta. She believes Akto’s Community could attract as many as 10,000 new members by the end of the first quarter of 2023.
The growth plan will be supported by the additional financial firepower that today’s seed round gives the company. The $4.5 million will come from Accel India, which leads the round, as well as a group of angel investors, and is earmarked for further product development and market outreach.
“APIs are ubiquitous — they’re the glue that allows any software to deliver rich functionality — but until recently, not much thought was put into securing them,” said Prayank Swaroop, a partner at Accel India. “Akto’s approach and technology provide a reliable, scalable, easy-to-install and accurate API security solution.”