APIs have made the world go ’round – but they also represent a major risk for cyber attackers, warns security platform Akto. A California-based startup, which today announced $4.5 million in seed funding, thinks it has the answer.
For the uninitiated, an application programming interface (API) is a piece of software that enables two different computer programs to talk to each other – think of a retailer asking for your bank details when paying for something, or comparing the price of a pickup service. Quotes from car insurance websites. APIs are therefore important as the world becomes more digitally connected.
The problem, explains Akto co-founder Ankita Gupta, is that cyber criminals are willing to target these links between different systems. “APIs are always fetching data from one place and taking it to another, and they are very vulnerable while doing so,” he said. “Some of that data is harmless – but what if it’s your personal information, or your payment details?”.
It is not an idle warning. A recent report showed a 700% increase in API attacks last year, while market research expert Gartner predicts that APIs will be the most commonly used attack by 2022 for cyber criminals. Another high-profile recent breach, which saw 9.8 million customer data records exposed at Australian telecoms firm Optus, has been widely blamed on API vulnerabilities.
“That’s what we’re trying to solve,” Gupta added. Until now, there hasn’t been an automated security solution for API security – our plug-and-play solution closes that gap.
Akto’s platform provides two important services, the company argues. First, once installed, it will identify every API your business is exposed to. One problem many businesses have, Gupta explains, is that they can’t keep track of all the APIs they connect to through relationships with other organizations and developers. Akto will therefore provide immediate management of these links, rather than requiring IT to spend significant time trying to stay on top of them.
Second, the company maintains a constantly updated list of known and vulnerable APIs; its software then scans client APIs for any of these issues and, where it finds them, offers recommendations on how to fine-tune them.
In an ideal world, says founder Ankush Jain, customers would use Akto’s platform before agreeing to deploy partners’ APIs — and thus stop problems early. But the platform can be used to scan existing APIs for vulnerabilities – and to keep scanning APIs as the list of known vulnerabilities is updated. Jain says: “It’s better to spot these issues early. “But you have to keep scanning to stay on top of this.”
Introduced at the end of last year, Akto has been working with customers on a closed beta basis, although it has already scanned more than 100,000 APIs for customers around the world. Part of its appeal, users say, is that the platform can be up and running quickly, scanning a customer’s API exposure within minutes of installation.
The next step for Akto is to start trading. It will operate as a software-as-a-service business, offering a free “public” version of its platform to those who need limited functionality and have a limited number of APIs. “Team” and “Business” versions of the platform will carry a monthly fee.
“We want to launch the world’s largest security platform in the next few years,” Gupta said. He believes that Akto’s Community can attract 10,000 new people by the end of the first quarter of 2023.
The growth plan will be supported by the additional financial firepower that today’s seed has given the company. $4.5 million comes from Accel India, which leads the round, and a group of angel investors, and is earmarked for further product development, and market access.
“APIs are ubiquitous — they’re the glue that makes any software rich — but until recently, little thought was given to securing them,” said Prayank Swaroop, partner at Accel India. “Akto’s approach and technology provide a reliable, scalable, easy-to-install and accurate solution for API security.”