APIs increasingly make the world go round – but they also represent a huge vulnerability to determined cyber attackers, warns security platform Akto. The California-based start-up, which is today announcing a $4.5 million seed funding round, thinks it has the answer.
For the uninitiated, an application programming interface (API) is a piece of software that enables two different computer programmes to talk to each other – think of a retailer requesting your details from your bank when you pay for something, or a price comparison service fetching quotes from car insurers’ websites. APIs are therefore vital as the world interacts ever-more digitally.
The problem, explains Akto co-founder Ankita Gupta, is that cyber criminals are keen to target these links between different programs. “APIs constantly fetch data from one place and take it to another, and they’re hugely vulnerable while doing so,” she says. “Some of that data might be harmless – but what if it’s your confidential personal details, or your payment information?”.
It’s not an idle warning. One recent report documented a 700% increase in API attack traffic over the past year, while market research specialist Gartner thinks APIs will turn out to be the most commonly-used attack vector of 2022 for cyber criminals. One recent high-profile breach, which saw 9.8 million consumer data records exposed at the Australian telecoms business Optus, has been widely blamed on an API weakness.
“This is what we’re trying to solve for,” adds Gupta. “Until now, there has been no automated security solution for API protection – our plug-in-and-play platform closes that gap.”
Akto’s platform offers two crucial services, the company argues. First, once it’s installed, it will identify every API that your business is exposed to. One problem many businesses have, Gupta explains, is they simply can’t keep track of all the APIs to which they are linked through relationships with other organisations and developers. Akto will therefore provide an instant directory of these links, rather than requiring IT to waste valuable time trying to stay abreast of them.
Second, the company maintains a constantly-updated list of known API vulnerabilities and weaknesses; its software then scans customers’ APIs for any of these issues and, where it finds them, offers advice on ow to put it right.
In an ideal world, says co-founder Ankush Jain, customers will use Akto’s platform before agreeing to deploy partners’ APIs – and thus head off problems in advance. But the platform can also be used to scan APIs already in use for vulnerabilities – and to keep scanning APIs as the list of known weaknesses is updated. “It is better to identify these issues as early as possible,” says Jain. “But you need to keep scanning to stay on top of the issue.”
Akto founders Ankush Jain and Ankita Gupta
Launched at the end of last year, Akto has been working with customers on a closed beta basis, though it has already scanned more than 100,000 APIs for customers around the world. Part of its appeal, the users say, is that the platform can be up and running very quickly, scanning the customer’s API exposure within minutes of installation.
The next stage for Akto is to launch commercially. It will operate as a software-as-a-service business, offering a free “community” version of its platform for those who need only limited functionality and have limited numbers of APIs. “Team” and “Enterprise” versions of the platform will carry a monthly subscription fee.
“We want to launch the largest API security platform in the world over the next few years,” says Gupta. She believes Akto’s Community can attract as many as 10,000 new joiners by the end of the first quarter of 2023.
The growth plan will be supported by the additional financial firepower that today’s seed round gives the company. The $4.5 million is coming from Accel India, which is leading the round, as well as a group of angel investors, and is earmarked for further product development, as well as market outreach.
“APIs are pervasive – they are the glue that enables any software to provide rich functionality – but until recently, not much thought was given to securing them,” says Prayank Swaroop, a partner at Accel India. “Akto’s approach and technology provides a reliable, scalable, easy-to-install and accurate API security solution.”
