Wib launches high-definition risk engine – the first risk-ranking solution to meet OWASP standards for API security
API lifecycle security expert Wib, through its unified API Security platform, has announced the launch of its high-definition risk engine that gives the richest picture yet of API security threats, enabling organizations to manage API risks with greater certainty and accuracy, and in alignment with published OWASP Risk Methodology standards.
Part of the company’s Fusion Platform, Wib’s high-definition risk engine is the first to meet OWASP’s requirements for effective API risk prioritization. Wib’s solution spans the complete API lifecycle from code development, through testing, and into production, and calculates the three critical dimensions of each defined risk (context, business impact, and the likelihood it will occur) to determine a weighted risk score.
According to Gartner, in its API Security and management report, API security vulnerabilities will account for more than 50% of all enterprise data loss by 2025. This is because security risks are shifting from the user interface to the API as web and cloud applications proliferate, creating blind spots in legacy approaches that prevent enterprises from maintaining a sound risk posture. Wib’s high-definition risk engine equips organizations to fight back with crystal-clear clarity of API risks, enabling a risk ranking methodology that exemplifies the recommended approach of OWASP, the internationally recognised authority for API security standards.
Wib VP of Products, Gil Shulman, said: “If you can’t prioritise risks you can’t have an effective defensive strategy. Just as a high-definition screen uses detail to show you a clearer picture, our high-def engine provides a very granular view of every risk. But the detail is no use without understanding the context. Not all APIs are equal so our solution takes business impact into account. It puts a higher weighting on those involved in customer data or payment information, for example.”
Wib and API risks
Wib’s rankings are based on:
Multi-lens information gathered from data sources across the API lifecycle – coding, testing and production.
Context and impact for each API, which are determined by factors such as the value of the data, importance of the process and the regulatory or financial consequences of a successful attack.
The probability of an attack occurring – assessed using a mix of technical criteria, such as misconfiguration and incident history, with analysis of the incentives for the attacker and the difficulty of launching an attack.
This data is automatically combined to provide weighted risk scores for each API.
Shulman adds: “Almost everyone in the API security market claims to produce a risk score, but when you dig deeper into these methodologies, they don’t differentiate between APIs or rank risks according to business context. The purpose of ranking is to tell you what’s most important and help the SOC and incident response teams to decide what to do about it. Insights are only useful if they’re actionable.”