SAN FRANCISCO, CA--(Marketwired - April 07, 2016) - Distil Networks, Inc., the global leader in bot detection and mitigation, today announced Distil API Security, a service that protects vulnerable Application Programming Interface (API) endpoints from malicious traffic. The Distil API Security solution protects all types of APIs including those serving web browsers, mobile applications, and Internet of Things (IoT) connected devices. Distil API Security defends against developer errors and automated API scraping, as well as web and mobile API hijacking.
Due in large part to a rise in API-centric development, an approach in which web, IoT, and mobile applications are designed to pull data from backend services via API calls, APIs are becoming an increasingly integral part of the digital world. However, many organizations struggle to manage the security of APIs, relying on simple authentication tokens or basic IP rate limiting to guard these critical attack vectors.
According to a recent Ovum survey of 100 IT and security professionals, 30 percent of APIs are designed without any input from the security team, and 27 percent of APIs proceed through the development stage without the security team weighing in. Even ownership of API security is seemingly up for debate; according to the same Ovum survey, 53 percent of respondents believe security teams should be responsible for API security, while 47 percent believe the developer teams should hold responsibility. Distil API Security addresses this problem by enabling IT Security or Dev teams to quickly add security to any API without any additional development burden and regardless of where they are in their API development cycle.
Distil API Security provides an easy-to-use service which tracks API usage across both identification tokens and IP addresses to detect and block malicious activity, developer errors, and abuse. Unlike competing solutions that only track usage based on IP addresses, Distil API Security also tracks API usage based on ID tokens, which is important as recent findings from the 2016 Distil Networks Bad Bot Landscape Report shows that 73 percent of automated attackers spread their attacks across multiple IP addresses.
"Many API security solutions track API usage through IP addresses which creates a new set of security challenges as users may change IP addresses, or rotate API tokens in order to circumvent rate limits," said Shane Ward from GuideStar, the world's largest source of information on nonprofit organizations. "Distil provides API security based on ID Tokens in addition to IP addresses, which allows me to enforce partner agreements and the terms of service for my APIs, even if a user tries to change tokens or dynamically changes IP addresses. This is a truly unique approach to API security which raises the bar above what has previously been available to secure APIs."