Prisma Cloud from Palo Alto Networks sponsored this podcast.
Palo Alto Networks Vice President of Product John Morello has for a long time talked about the basics that come with cloud native security. In this edition of The New Stack Makers podcast, hosted by Alex Williams, founder and publisher of The New Stack, Morello discusses how APIs are less the weakest link and more a bit of a victim of their own success. APIs have gained more attention and that in turn has made them a target for criminals to exploit. There are more people developing APIs, there are more people consuming APIs and there are more attackers who are exploiting APIs — and that makes the basics more important than ever both now and as more applications go online.
Security professionals need better intelligence, especially as bots and other forms of attackers get better at mimicking human behavior.
“The proliferation of applications of different kinds of attack patterns of different networks and environments that people run in has made it such that it’s impossible for human beings to really stay on top of that, given the rate of change and just the breadth of what’s in the environment,” said Morello. “And I think it’s up to all of us in the industry to help customers solve that problem by having greater levels of intelligence in how we protect the environment, and what we actually bother users — other human operators — with, so that we’re not just deluging people with a lot of data, but giving them data that they actually need to take some action on, that has to be taken action on by a human being.”
Appropriate security tools will thus not bombard security teams with low-priority alerts, or in the worst case, too many false-positives.
“I’ve often told people it’s very easy to build a security tool that alerts on everything that could possibly be bad, [that] you’re just going to end up with so much noise that you can’t do anything with it,” said Morello. “The real unmatched challenge right now, I think, is how do you create a level of learning that’s in the software that you use to protect those environments, so that you’re bothering the human operators as little as possible and only for things that really require that human intervention.”
Viable security platforms also need to be very API-savvy, in consideration of how APIs represent a common entry point for intruders. However, while APIs do not necessarily represent the weakest security link, the API is “oftentimes a thing that attackers will try to target more simply because it’s been designed explicitly to be programmatically accessible,” said Morello.
The API “mostly presents a more interesting kind of attack surface for somebody to go and probe and figure out what else it could be made to do, in addition to what it was intended to do,” said Morello.
Since microservices and decomposed applications are “really the direction you see many organizations running in, where those individual components are being explicitly designed to work together over the network, and thus are exposing more of their kind of internal mechanics over the network,” Morello explained. “It allows somebody who’s an attacker or somebody who has ill intent to really have a much wider range of endpoints, and they can probe a lot more things.”