SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cloudflare responds to API security issues with new solution
Fri, 18th Mar 2022
FYI, this story is more than a year old

Cloudflare has announced the Cloudflare API Gateway, providing businesses a way to protect and control all of their APIs (application programming interfaces).

Organisations are using APIs more than ever before, yet many of them struggle to secure this traffic as legacy solutions are often expensive, overly complex and slow, the company states.

To resolve this issue, Cloudflare API Gateway is designed to simplify the process of identifying, securing and managing APIs of any protocol on a large and interconnected network.

According to Cloudflare, the world runs on APIs, with phones, smartwatches, banking systems,and shopping sites all relying on APIs to communicate. In fact, API traffic generates more than 50% of all the HTTP requests on Cloudflare's global network.

With this explosive growth it has become more critical than ever for businesses of all sizes to have robust protection and a clear view of their API suite.

According to Gartner: “API security challenges have emerged as a top concern for most software engineering leaders, as unmanaged and unsecured APIs create vulnerabilities that could accelerate multimillion dollar security incidents.

According to Cloudflare, traditional legacy solutions are often difficult to implement, expensive to run and slow. Cloudflare API Gateway provides a single hub allowing businesses to discover APIs they weren't aware of and secure them in a few clicks.

According to the company, with Cloudflare API Gateway, businesses will be able to:

Identify and stop API abuse: Leveraging Cloudflare's unique Machine learning engine that processes 32+ million requests per second, customers can now automatically analyse their API traffic to detect and prevent API abuses.

Automatically detect unmanaged APIs: As API use grows, sometimes developers may publish APIs that security teams aren't aware of. Cloudflare API Gateway passively scans the entire network and automatically lists API endpoints for complete visibility.

Create and manage APIs directly with Cloudflare Workers: Customers will be able to use integrations with Cloudflare Workers to create lightweight, dynamic APIs that run at our edge.

Offload authentication and authorisation: The gateway will support industry protocols like OAuth 2.0, JSON Web Tokens (JWT) as well as leverage authentication methods available in Cloudflare Access such as Mutual TLS and service tokens.

Route, log, and measure API requests: Cloudflare's existing products, like Transform Rules, will introduce native gateway functionality without adding latency, helping keep Cloudflare's API Gateway as fast as possible. Schema Validation, API Discovery, mTLS, and API Abuse detection are available today, with remaining features coming later this year.

Cloudflare CEO and co-founder Matthew Prince says, “APIs were never built with security in mind. Yet, today APIs are involved in nearly every app a consumer or employee touches, often carrying our sensitive personal data. Every day Cloudflare's network blocks about 86 billion cyber threats for our customers.

"We're confident that no other API tool sees the breadth or volume of threats that we do. We've built next generation AI and Machine learning engines that take API management to a new level; automatically detecting new APIs and preventing threats.

"As with other Cloudflare products, API Gateway will do all of this at a fraction of the cost and without the latency introduced by legacy solutions.