Microsoft bolsters cloud-native security in Defender for Cloud with new API security capabilities

Application Programming Interfaces (APIs) power modern applications, fuel digital experiences, and enable faster business growth. APIs are at the heart of communication between users, cloud services, and data – more and more so as organizations move from monolithic to microservice based application architectures. But the interesting challenge is that APIs are loved by developers and threat actors alike. Threat actors increasingly use APIs as their primary attack vector to breach data from cloud applications, which means API security is now a critical priority for CISOs.

To combat API security threats, we are thrilled to announce the public preview of Defender for APIs, a new offering as part of Microsoft Defender for Cloud – a cloud-native application protection platform. CTOs rely on Microsoft's industry-leading Azure API Management platform to manage their most critical APIs. Now through the integration of Defender for APIs with Azure API Management, security teams can use the Defender for Cloud portal to gain visibility into these business-critical Azure APIs, understand their security posture, prioritize vulnerability fixes, and detect and respond to active runtime threats within minutes – using machine-learning powered anomalous and suspicious API usage detections.

Why is API security a critical priority for cloud security practitioners?

-based application architectures, and multi-cloud application footprints have amplified the magnitude of APIs drastically, which further adds complexity to API security. There is rarely a single access point at which API security can be enforced. The existing perimeter-based security toolchain provides necessary capabilities like access and traffic control and rule-based security controls but lacks API behavioral knowledge, which leaves a big hole in API security.  As covered by BBC News Sydney, in late 2022, Australia's largest telco Optus suffered an API breach impacting over 10 million customers, equivalent to 40% of the Australian population, whose personal details were compromised, costing the company over $140 million to cover the cost of the breach. According to publicly reported details, the breach occurred through an unprotected and publicly exposed API. This API didn't require user before facilitating a connection, which meant anyone that discovered the API on the internet could connect to it and mine it for customer data without credentials. 

And Optus isn't alone. There has been a dramatic rise in cloud application development as companies deliver new value to their customers and modernize their applications. Cloud applications are increasingly API-centric with APIs at the core of data exchange. Experian, Twitter, and many other organizations across industries have succumbed to high-profile API breaches costing them hundreds of millions of dollars. A single vulnerability can leak volumes of sensitive data, cause service disruptions, and compromise applications – resulting in financial, reputational, and legal damages. Cloud security practitioners are racing to include API security as part of their overall cloud security strategy. 

Microsoft's approach to API security

Microsoft is building API security capabilities directly into Microsoft Defender for Cloud – a cloud-native application protection platform. With Microsoft Defender for Cloud, organizations get centralized visibility, governance, attack path analysis, risk prioritization, multi-cloud threat protection across the full lifecycle of cloud applications – in a single portal on a single platform. This approach helps limit blind spots, provides a single-pane-of-glass view and much needed contextual insights to get ahead of threat actors in the ever-evolving threat landscape.

Defender for APIs helps organizations prevent, detect, and respond to API security threats with a holistic approach to API security built within the Microsoft Defender for Cloud platform. With today's public preview, we're enabling the following capabilities:

Classify and understand the risk profile of your APIs. 
Security starts with visibility. Within the Defender for Cloud portal, customers will have a new unified view of APIs published across all Azure API management services. Defender for APIs eliminates organizations' blind spots and unifies visibility into the most important and sensitive APIs through risk profiling insights. These insights are curated based on factors such as broken or missing , externally exposed, unused API endpoints, and more. You'll also be able to identify which APIs are exposing sensitive or PII data using the data classification capabilities within API request and response bodies.


Harden API configurations and prioritize risk remediation.   
Reducing risk and the is critical for an effective security strategy. With Defender for APIs, security teams can easily assess API gateway security controls against in both runtime and infrastructure-as-code templates. Customers can use simple graph-based queries to quickly find APIs with commonly exploited attack vectors such as publicly exposed and unauthenticated API endpoints and harden their configurations. 

Moreover, existing capabilities in Defender for Cloud help correlate threat signals and build prioritized attack paths, so you can holistically address your API and cloud risk on a single platform.  This approach helps minimize blind spots that exist with siloed best of breed tools approach to cloud security. APIs being the entry point into the cloud applications, and the topmost attack vector, API insights are a critical part of the cloud attack path analysis. 


API threat protection and comprehensive OWASP API top 10 coverage.  
Security is only as good as its weakest link. If a threat actor bypasses all proactive hardening controls and compromises an API, you need the ability to identify the threat actor in action, take necessary steps to investigate the attack, and tune additional prevention controls. For defense in depth coverage, Defender for APIs provides capabilities to detect attacks against the top Open Worldwide Application Security Project (OWASP) API threats, including data exfiltration, volumetric attacks, and more. With Defender for APIs, security teams get an eye-on-glass view of the active API threats, anomalous and suspicious API usage patterns from runtime traffic monitoring and feeds. And finally, Defender for APIs integrates with Microsoft Sentinel and other popular SIEM solutions to enable SOC teams with faster and more efficient remediation efforts.  


Start today!

If you are already using Azure API Management, you can now get deeper API security capabilities with Defender for APIs integration. Onboarding Defender for APIs is easy and takes minutes from Azure API Management or Defender for Cloud portals. API security assessments and hardening recommendations will be shown automatically in Microsoft Defender for Cloud portal under security recommendations. API security mitigations can be implemented directly in the Azure API Management portal. 

Microsoft Defender for APIs preview is now available in most Azure commercial regions. To learn more about Azure API Management and Defender for APIs integration, read our documentation, and to learn more about Defender for APIs, 

  • Watch this webinar,
  • See us at RSA – booth #6044N,
  • Start a trial here.


This article was originally published by Microsoft's Defender for Cloud Blog. You can find the original article here.