Google battles bots, puts Workspace admins on alert
No security alert fatigue here
Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin password resets.
The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.
As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.
A study conducted by the Marsh McLennan Cyber Risk Analytics Center, commissioned by application security shop Imperva, analyzed 117,000 cybersecurity incidents and put a price tag on insecure APIs – deeming them responsible for annual losses between $41 billion and $75 billion globally.
Google's answer to these problems includes two API security features available in preview: one that identifies API misconfigurations and another that detects bots. The former assesses an organization's managed APIs, identifies proxies that don't conform to security standards and recommends actions when it detects configuration flaws.
Google Cloud's head of product Vikas Anand pointed to a healthcare use case for this API security feature. In this scenario, a hospital puts a patient's medical coverage information into an API-enabled system shared with insurance companies to determine if the plan covers a certain medication or procedure.
"Because of the often-sensitive personal healthcare data being transmitted, it is important that the required authentication and authorization policies are implemented so that only authorized users, such as an insurance company, can access the API," Anand wrote in a post.
"Advanced API Security can detect if those required policies have not been applied, an alert which can help reduce the surface area of API security risks," he added.
The second capability detects malicious bots within API traffic. It uses rules, each of which represents a different type of abnormal traffic from a single IP address. Once a traffic pattern meets any of these rules, the security system flags it as a bot.
"Furthermore, Advanced API Security speeds up the process of identifying data breaches as well," Anand told reporters during a press briefing. It does this by IDing bots that resulted in the HTTP 200 OK success status response code, he explained.
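To make the approach described above concrete, here is an added Python example (not Google's or Apigee's code) that evaluates per-IP rules over API log entries, flags an IP when any one rule matches, and then picks out the flagged IPs that received a 200 OK for breach triage. The rule names, thresholds, log format and sample entries are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample API log entries: (epoch seconds, client IP, path, HTTP status).
SAMPLE_LOG = (
    # 203.0.113.7 walks sequential record IDs quickly; two requests succeed.
    [(100 + i, "203.0.113.7", f"/v1/claims/{1000 + i}", 200 if i in (3, 6) else 404)
     for i in range(8)]
    # 198.51.100.9 repeatedly fails authentication and never succeeds.
    + [(200 + 20 * i, "198.51.100.9", "/v1/token", 401) for i in range(6)]
    # 192.0.2.10 is an ordinary client.
    + [(300, "192.0.2.10", "/v1/claims/42", 200), (400, "192.0.2.10", "/v1/claims/42", 200)]
)

# Hypothetical rules; each one models a single kind of abnormal traffic from one IP.
def burst(events, window=10, limit=5):
    """More than `limit` requests inside any `window`-second span."""
    times = sorted(t for t, _, _ in events)
    return any(times[i + limit] - times[i] <= window for i in range(len(times) - limit))

def auth_failures(events, limit=5):
    """At least `limit` 401/403 responses."""
    return sum(1 for _, _, s in events if s in (401, 403)) >= limit

def path_sweep(events, limit=6):
    """At least `limit` distinct paths requested."""
    return len({p for _, p, _ in events}) >= limit

RULES = {"burst": burst, "auth_failures": auth_failures, "path_sweep": path_sweep}

def detect_bots(log, rules=RULES):
    """Group entries by source IP and return the IPs that match at least one rule."""
    by_ip = defaultdict(list)
    for ts, ip, path, status in log:
        by_ip[ip].append((ts, path, status))
    findings = {}
    for ip, events in by_ip.items():
        matched = sorted(name for name, rule in rules.items() if rule(events))
        if matched:  # matching any single rule is enough to flag the IP
            findings[ip] = {
                "rules": matched,
                "ok_paths": sorted(p for _, p, s in events if s == 200),
            }
    return findings

def breach_triage(findings):
    """Flagged IPs that received at least one 200 OK: possible data exposure."""
    return sorted(ip for ip, f in findings.items() if f["ok_paths"])
```

On the constructed log, two IPs are flagged but only one reaches triage, because the other never received a successful response.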
Also this week, Google put admins on alert that they will soon receive more alerts in the case of potentially nefarious changes made to their Google Workspace configurations. The gradual rollout of this feature started on Tuesday and could take up to 15 days.
Here's how it works: If the audit log records a change to the primary admin – this includes a password reset for a super admin account, or any SSO profile changes such as a third-party SSO profile being added, updated or deleted – then the Alert Center will send admins an email about the event.
Google plans to add more alerts for "high-risk actions" in the future, the cloud company noted in an update.
"These additional intelligent alerts will closely monitor several sensitive actions, making it easier for admins to stay on top of high risk changes to their environment and potentially malicious actions being taken by bad actors," it explained. ®