This post has been republished via RSS; it originally appeared at: Healthcare and Life Sciences Blog articles.
API Security has become a key concern for enterprises who are taking the plunge into digital transformation and technology modernization, as they seek to protect their data and systems from malicious actors and threats. In response to this, Microsoft has released Defender for Azure API Management (API Mgmt), a security add-on designed to protect your APIs from malicious attacks.
The main purpose of Defender for API Mgmt is to provide an extra layer of security for APIs that are exposed to the public. With this security add-on, organizations can detect malicious activity and suspicious access attempts on their APIs, as well as block access to or from known malicious actors. This helps to ensure that your APIs are only accessed by authorized users and that any attempted malicious activity is blocked.
Defender for API Mgmt consists of two main components – the gatekeeper, and the log analysis engine.
The gatekeeper helps to protect APIs from unauthorized access via a set of custom policies that can be configured to your preferences. These policies can be used to define the type of requests that are allowed, as well as set limits on the number of requests that are permitted. The gatekeeper can also detect anomalies and block unauthorized users from accessing your APIs.
The log analysis engine is designed to provide insights into traffic to and from your APIs. The engine gathers log data from your APIs and sends it to a unified dashboard, providing you with an overview of API traffic in a single view. This helps to quickly identify suspicious patterns or behaviour, allowing you to block access from unwanted users or take other necessary action.
Overall, Defender for API Mgmt helps to provide the necessary security measures for your APIs, enabling you to protect your data and systems from malicious actors. By setting up a strong security framework for your APIs, you can ensure that only authorized users are able to access your APIs and that any malicious attempts are quickly identified and blocked.
If you are looking to provide a stronger layer of security to your APIs, then Defender for API Mgmt is worth considering. With its comprehensive features, it can help you to detect and block suspicious activity, as well as provide you with insights into API traffic in a single view.
This feature is available in the Premium, Standard, Basic, and Developer tiers of API Management and in preview.
Capabilities of Defender for APIs include:
- Identify external, unused, or unauthenticated APIs
- Classify APIs that receive or respond with sensitive data
- Apply configuration recommendations to strengthen the security posture of APIs and API Management services
- Detect anomalous and suspicious API traffic patterns and exploits of OWASP API top 10 vulnerabilities
- Prioritize threat remediation
- Integrate with SIEM systems and Defender Cloud Security Posture Management
Below Microsoft documentation will help you to Enable advanced API security features using Microsoft Defender for Cloud
Protect your APIs with Defender for APIs - Microsoft Defender for Cloud | Microsoft Learn
Protect APIs in API Management with Defender for APIs | Microsoft Learn