Wib Doubles Down on the need for Holistic API Security

17 May 2023

Calls out shortcomings in API and Application security approaches to the API Threat

Tel Aviv, May 17, 2023 – Wib, the fast-growth cybersecurity startup pioneering a new era in API security, used the recent RSA event to reiterate the need for a holistic approach to API security, delivering on that vision by unveiling the latest enhancements to its unique Fusion platform. In the wake of strong customer acquisition, positive endorsement from enterprise deployments and a growing demand for its innovative approach, Wib believes that without a holistic view of the entire API lifecycle, other current and emerging approaches to API security fall short, leaving CISOs faced with blind spots, false positives, complexity, and excessive costs when tackling their API security needs. Wib has been identified by independent analyst firm Futuriom as one of the pace setters in API security in the newly ‘API and Shift left security’ published report.

API security has become the latest frontier in the escalating cyber war, presenting one of the biggest threats faced by today’s digitally transformed organisations. According to figures from independent analyst firm Gartner*, 98% of organisations use or are planning to use internal APIs; 94% use or are planning to use third-party public APIs; 90% use or are planning to use private APIs provided by partners and 80% provide or are planning to provide publicly exposed APIs.

Chuck Herrin, CTO at Wib, used the RSA event to outline the need for a more holistic approach to the escalating API security challenge: “Traditional API security approaches are fragmented, leaving CISOs and DevSecOps teams with a siloed view of their API landscape and a false sense of security,” he said. “Using multiple point products to fix the problem is a recipe for disaster, creating blind spots that can easily lead to API exploits and abuse. By shifting as far left into the development cycle and shielding right, across testing and production environments we give security teams a holistic view of their entire API estate to enable them monitor and detect vulnerabilities and threats earlier in the API lifecycle, ensuring that production becomes the last line, rather than the only line, of defense.”

He explained that any effective defense strategy must be based not only on an organisation’s attack surface but must also understand how skilled attackers operate: “Wib’s core principle is ‘Your Defense Must be Informed by the Offense’, and this approach ensures our solution is always ‘relevant’ and ready to defend,” he added. “This methodology helped us build a robust, end-to-end defensive solution, ensuring that our customers are always allocating their resources wisely, focused on real risks and attack patterns we see in the wild as well as how our team of expert attackers abuse APIs and business logic in our offensive engagements.

Gil Shulman, VP Product at Wib adds whilst he cautiously welcomes some of the recent API security approaches, “The XDR-like approach is interesting if delivered truly holistically. In fact, the idea of collecting, analysing and correlating API data, providing visibility and context to identify API vulnerabilities and threats has been a driving factor behind the development of Wib’s API security platform powered by our innovative Fusion Engine technology. Through this holistic approach to the entire API lifecycle, we give DevSecOps teams a single unified view of the API threat landscape across code, test, and production. Furthermore, our ability to augment, enhance and integrate with existing security tools and programmes significantly reduces the complexity, resources, and costs inherent in other solutions, making it an extremely viable option for organisations to adopt into their existing security stack.”

“API security is fast rising up the agenda of critical security concerns, not least because businesses are increasingly relying on APIs to connect essential services and transfer key data,” commented Scott Raynovich, Founder and Principal Analyst with Futuriom. “A hacked API can lead to a serious data breach. It is often the case that web-enabled applications leave open a bigger attack surface area through exposed APIs than through user interfaces. Attackers know this and are upping their focus on APIs. That’s also why we’re seeing API security becoming a growing component of the “shift left” movement which moves focus to the development side of applications and infrastructure, pushing operational testing and cybersecurity technologies further up in the development cycle. We expect the shift left cybersecurity mindset to permeate many layers of cloud infrastructure – networking, code, operating systems, and hardware down to the memory level. All this needs to happen to implement better security policy and techniques in the code that runs in the cloud.”

In his latest Cloud Market Trend Report, Raynovich said: “API security is a growing area of need and Wib has thought through the problem in detail. Wib’s holistic API security platform provides continuous and complete visibility and control across the entire API ecosystem, protecting APIs from code through testing to production. It starts with discovering unknown APIs and keeping API inventory. Wib also enables developers to code with confidence and security teams to secure with surety. The API-first approach also manages the API attack surface and enables organizations to assess API security risk and prepare for audit.”

*Gartner Hype Cycle for API Security Report

About Wib

Wib is pioneering a new era in advanced API security with its industry first holistic API security platform. Providing continuous and complete visibility and control across the entire API ecosystem, Wib enables developers to code with confidence and security teams to secure with surety.

Wib’s elite team of developers, attackers, defenders, and seasoned cybersecurity professionals draw on real-world experience and expertise to help define and develop innovative technology solutions that enable customers with the identity, inventory and integrity of every API, wherever it may be within the development lifecycle, without compromising development or stifling innovation.

Wib is Headquartered in Tel Aviv, Israel with international presence in Dallas, USA and London, UK. It was founded in August 2021 by serial entrepreneur Gil Don (CEO), Ran Ohayon (CRO) and Tal Steinherz who previously served as the CTO of Israel’s national cyber directorate. Visit www.wib.com

Wib PR contact:

Krison Thakkar
Zonic Group PR
[email protected]
+1 408 458 8605

August 2nd, 2023

Wib launches high-definition risk engine – the first risk-ranking solution to meet OWASP standards for API security

API risks exposed in unprecedented clarity across the API lifecycle with weighted risk scores […]

> Read the news article

June 20th, 2023

Wib Announce Industry First Compliance Module to its Holistic API Security Platform

Revolutionizing organizations’ capability to meet Cybersecurity and API regulatory requirements Tel Aviv, Israel […]

> Read the news article

June 6th, 2023

Wib Signs Kite Distribution as First Distribution Partner in UK&I

Partnership to address growing demand for API security across the region Tel Aviv, […]

> Read the news article

May 23rd, 2023

APImetrics and Wib Security Partner to Close the Loop on API Performance, Compliance and Security

Combined offering enables API providers to discover, catalog, and actively monitor their secure APIs […]

> Read the news article

View more news

Cookie	Duration	Description
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (which increments with each pageview in a session), and session start timestamp.
__hssrc	session	HubSpot cookie sets this cookie to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to store the user consent.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether that visitor is included in the data sampling defined by your site's pageview limit.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	1 year 1 month 4 days	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjRecordingEnabled	never	Hotjar sets this cookie when a Recording starts and is read when the recording module is initialized, to see if the user is already in a recording in a particular session.
_hjRecordingLastActivity	never	Hotjar sets this cookie when a user recording starts and when data is sent through the WebSocket.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
_hjIncludedInSessionSample_3388746	2 minutes	No description
_hjSession_3388746	30 minutes	No description
_hjSessionUser_3388746	1 year	No description
incap_ses_1177_2167377	session	No description
incap_ses_456_2167377	session	Description is currently not available.
referrerd7_003	1 month	No description
visid_incap_2167377	1 year	No description

Calls out shortcomings in API and Application security approaches to the API Threat

*Gartner Hype Cycle for API Security Report

Just dropped…!