Upwind Introduces Automatic Discovery of API Sensitive Data Flows to Enhance API Security in the Cloud
SAN FRANCISCO, October 22, 2024 (Newswire.com) - Upwind introduces to its platform a major advancement in its API Security capabilities – the automatic discovery and classification of sensitive data flows. This new feature enables organizations to proactively identify and secure sensitive data transmitted through APIs, enhancing overall data protection and reducing risk.
With the rapid growth of APIs, they have become a significant target for cyberattacks. According to recent research by CheckPoint, attempts to attack Web APIs have escalated by 20% during 2024, affecting 1 of 4.6 organizations every week. Upwind’s new feature is designed to handle this growing threat and enable organizations to better protect their most sensitive data.
Upwind can now automatically track and classify sensitive data routes and classify them as PCI (Payment Card Industry), PII (Personally Identifiable Information), and PHI (Protected Health Information). By detecting sensitive data patterns at the packet level, Upwind ensures that all sensitive information remains secure, with no data sent outside of the customer’s environment. When an API request contains sensitive data, Upwind assigns it a sensitive data tag and classifies it by type, such as PCI for credit card numbers or PII for personal identifiers.
This new ability uses Upwind's eBPF-based sensors to detect API samples and later analyze them to make it easy for security teams to pinpoint areas where they may be at elevated risk due to sensitive data flows. By using eBPF, Upwind avoids relying on expensive, traditional techniques such as traffic mirroring or relying only on static API definitions, which are often incomplete or out-of-date.
This new feature strengthens Upwind API security abilities, which use the rich data and context from workload behavior at the runtime level to effectively secure against API-based threats and attacks. Upwind’s API Security solution dynamically catalogs and maps any organization’s APIs in real-time and analyzes actual traffic, using eBPF to ensure minimal performance overhead and provide unparalleled visibility.
With Upwind’s automated tracking, organizations can easily understand and prioritize security risks related to API data flows, enabling faster remediation efforts and a proactive approach to sensitive data security.
Amiram Shachar, Upwind Co-Founder and CEO: "Upwind’s API security for sensitive data flows was designed to empower security teams by cutting through the noise and zeroing in on the most critical risks. As API traffic continues to surge, it’s crucial that organizations have the tools to not only identify vulnerabilities but also address them before they lead to breaches. Our goal is to provide a clear path to securing sensitive data in real-time, helping businesses stay ahead of an increasingly complex threat landscape."
About Upwind
Upwind is the runtime-powered cloud security platform that leverages runtime data to secure your cloud infrastructure, saving security teams countless hours of work by pointing them directly to the root cause of critical risks. It was founded by Amiram Shachar and his founding partners from Spot.io (which was sold to NetApp for $450 million) and is backed by top cybersecurity investors Greylock, Cyberstarts, Leaders Fund, Craft Ventures, Cerca Partners, Sheva, a VC fund founded by former NBA player Omri Casspi, and Penny Jar, a VC fund backed by NBA superstar, Steph Curry. The company secured $80 million in funding within only 11 months.
Source: Upwind