To coincide with the annual RSA cybersecurity conference, Google Cloud announced updates to Apigee, an API management and predictive analytics service designed to prevent business logic attacks.
Business logic attacks exploit flaws in app design and implementation that allow malicious actors to elicit unintended behavior. They can be difficult to identify and are very widespread. According to a study commissioned by Silver Tail Systems, between 2011 and 2012, 90% of businesses lost revenue due to business logic attacks.
To combat this kind of exploit, Google is introducing a new machine learning model in Apigee, which it says is trained to detect potential business logic attacks. The model is available to all Apigee Advanced API Security customers and is trained on Google's internal data. Google claims it is sensitive enough to detect subtle behaviors, such as attackers controlling servers to change their "activity patterns."
Google Cloud Product Manager Shelly Hershkovitz said in a blog post: “The model relies on years of learning and best practices.”
Alongside the model, Apigee introduces a dashboard that ostensibly identifies API abuse more accurately by finding patterns within a large number of alerts. As Hershkovitz puts it, the dashboard attempts to "capture the essence" of an attack, along with important characteristics such as the source of the attack, the number of API calls, and the duration of the attack.
“As API traffic grows, companies around the world are seeing more malicious API attacks, making API security a higher priority,” continues Hershkovitz. “We are making it faster and easier to detect API abuse incidents.”
As Hershkovitz points out, it's true that concerns about API security are growing within enterprises. According to one study (conducted by an API security vendor, but with full transparency), API attacks spiked at the end of 2022, a 400% increase from a few months earlier.
These attacks can be expensive. An analysis by Imperva of about 117,000 security incidents found that poor API security costs organizations between $41 billion and $75 billion annually. Another report, from the Open Worldwide Application Security Project, found that small businesses face the most API security events, with most incidents affecting businesses with revenues below $50 million and each breach hurting revenue even more.
According to Google’s own research (which should be taken very loosely), 50% of organizations have experienced an API security incident in the last 12 months. Of those, 77% delayed the rollout of new services and apps.
“It is critical that organizations detect and mitigate API abuse incidents early to prevent long-term financial and reputational damage to their business,” said Hershkovitz. “API security incidents are becoming more common and disruptive.”
