Radware® (NASDAQ: RDWR), a leading provider of cyber security and
application delivery solutions, today released its 2022 State of
API Security report. The survey, which was conducted with
Enterprise Management Associates, revealed a false sense of
security among organizations when it comes to API protection. The
survey includes responses from chief information officers, chief
technology officers, vice presidents of IT, and IT directors from
global organizations across North America, EMEA, and APAC.
According to the survey, API usage is on the rise. Ninety-two
percent (92%) of the organizations surveyed have significantly or
somewhat increased their API usage with 59% already running most of
their applications in the cloud. Additionally, almost 97% of
organizations use APIs for communications between workloads and
systems, highlighting the growing reliance on APIs in day-to-day
business operations.
The real and underestimated threat of undocumented
APIsWhile 92% of those surveyed believe they have adequate
protection for their APIs and 70% believe they have visibility into
applications that are processing sensitive data, 62% admit a third
or more of APIs are undocumented. Undocumented APIs leave
organizations vulnerable to cyber threats, such as database
exposures, data breaches, and scraping attacks.
“For many companies, there is unequivocally a false sense of
security that they are adequately protected from cyberattacks. In
reality, they have significant gaps in the protection around
unknown and undocumented APIs,” said Gabi Malka, Radware’s chief
operations officer and head of research and development. “API
security is not a ‘trend’ that is going away. APIs are a
fundamental component to most of the current technologies and
securing them must be a priority for every organization.”
Bot attacks remain a threat along with misperceptions
about API protection Nearly one third of companies (32%)
surveyed stated automated bot attacks are one of the most common
threats to APIs. In terms of detecting an API attack, 29% say they
rely on alerts from an API gateway and 21% rely on web application
firewalls (WAF).
Malka continued, “The survey data indicates that API protection
is not keeping up with API usage. Many organizations are basing
their API security strategies on false assumptions — for example
that API gateways and traditional WAFs offer sufficient protection.
This leaves APIs vulnerable and exposed to common threats, like bot
attacks. A comprehensive API protection solution, that includes bot
protection, will address these threats. But very few respondents
indicated that they had solutions that actually did or even had the
capability to provide effective security. Enterprise protection is
only as strong as its weakest link.”
API attacks are flying under the radarHalf of
companies surveyed viewed their existing tools as only somewhat or
minimally effective at protecting their APIs, with 7% reporting
that the solutions they have in place did not identify any attacks
at all. The inability of the existing tools to adequately protect
APIs from common threats further adds to the false security
narrative.
Open source contributes to the security
mythSixty-five percent (65%) of respondents believe that
open-source code is more secure than proprietary code and nearly
74% believe that container-based deployments and microservice
architectures are more secure than monolithic architectures and
deployments by default.
According to Malka, “The belief that open source is more secure
by design could explain why some organizations are lax when it
comes to patch management. Yet, as we have seen with Log4j and
Heartbleed, open source can have the same security flaws as
proprietary code. Believing that open source is inherently more
secure by default only further contributes to the false narrative
that leaves organizations vulnerable to cyber-attacks.”
The full report can be found on Radware’s website.
Notes to editors:METHODOLOGYIn
this exclusive research study conducted for Radware, Enterprise
Management Associates polled 203 individuals in Europe, Asia, and
North America, representing organizations of 1,000 employees or
more from more than ten different industry verticals. The majority
of those surveyed are either in executive or senior management
roles.
About RadwareRadware® (NASDAQ: RDWR) is a
global leader of cyber security and application delivery solutions
for physical, cloud, and software defined data centers. Its
award-winning solutions portfolio secures the digital experience by
providing infrastructure, application, and corporate IT protection,
and availability services to enterprises globally. Radware’s
solutions empower enterprise and carrier customers worldwide to
adapt to market challenges quickly, maintain business continuity,
and achieve maximum productivity while keeping costs down. For more
information, please visit the Radware website.
Radware encourages you to join our community and follow us on:
Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware
Mobile for iOS and Android.
©2022 Radware Ltd. All rights reserved. Any Radware products and
solutions mentioned in this press release are protected by
trademarks, patents, and pending patent applications of Radware in
the U.S. and other countries. For more details, please
see: https://www.radware.com/LegalNotice/. All other
trademarks and names are property of their respective owners.
THIS PRESS RELEASE AND THE 2022 STATE OF API SECURITY REPORT ARE
PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT
INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR
OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.
Radware believes the information in this document is accurate in
all material respects as of its publication date. However, the
information is provided without any express, statutory, or implied
warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this
press release are for informational purposes and the contents
thereof are not part of this press release.
Safe Harbor Statement This press release
includes “forward-looking statements” within the meaning of the
Private Securities Litigation Reform Act of 1995. Any statements
made herein that are not statements of historical fact, including
statements about Radware’s plans, outlook, beliefs, or opinions,
are forward-looking statements. Generally, forward-looking
statements may be identified by words such as “believes,”
“expects,” “anticipates,” “intends,” “estimates,” “plans,” and
similar expressions or future or conditional verbs such as “will,”
“should,” “would,” “may,” and “could.” For example, when we say
that API security is not a ‘trend’ that is going away, we are using
a forward-looking statement. Because such statements deal with
future events, they are subject to various risks and uncertainties,
and actual results, expressed or implied by such forward-looking
statements, could differ materially from Radware’s current
forecasts and estimates. Factors that could cause or contribute to
such differences include, but are not limited to: the impact of
global economic conditions and volatility of the market for our
products; natural disasters and public health crises, such as the
coronavirus disease 2019 (COVID-19) pandemic; a shortage of
components or manufacturing capacity could cause a delay in our
ability to fulfill orders or increase our manufacturing costs; our
business may be affected by sanctions, export controls, and similar
measures, targeting Russia and other countries and territories, as
well as other responses to Russia’s military conflict in Ukraine,
including indefinite suspension of operations in Russia and
dealings with Russian entities by many multi-national businesses
across a variety of industries; our ability to successfully
implement our strategic initiative to accelerate our cloud
business; our ability to expand our operations effectively; timely
availability and customer acceptance of our new and existing
solutions; risks and uncertainties relating to acquisitions or
other investments; the impact of economic and political
uncertainties and weaknesses in various regions of the world,
including the commencement or escalation of hostilities or acts of
terrorism; intense competition in the market for cyber security and
application delivery solutions and in our industry in general, and
changes in the competitive landscape; changes in government
regulation; outages, interruptions, or delays in hosting services
or our internal network system; compliance with open source and
third-party licenses; the risk that our intangible assets or
goodwill may become impaired; our dependence on independent
distributors to sell our products; long sales cycles for our
solutions; changes in foreign currency exchange rates; undetected
defects or errors in our products or a failure of our products to
protect against malicious attacks; the availability of components
and manufacturing capacity; the ability of vendors to provide our
hardware platforms and components for our main accessories; our
ability to protect our proprietary technology; intellectual
property infringement claims made by third parties; changes in tax
laws; our ability to realize our investment objectives for our cash
and liquid investments; our ability to attract, train, and retain
highly qualified personnel; and other factors and risks over which
we may have little or no control. This list is intended to identify
only certain of the principal factors that could cause actual
results to differ. For a more detailed description of the risks and
uncertainties affecting Radware, refer to Radware’s Annual Report
on Form 20-F, filed with the Securities and Exchange Commission
(SEC) and the other risk factors discussed from time to time by
Radware in reports filed with, or furnished to, the SEC.
Forward-looking statements speak only as of the date on which they
are made and, except as required by applicable law, Radware
undertakes no commitment to revise or update any forward-looking
statement in order to reflect events or circumstances after the
date any such statement is made. Radware’s public filings are
available from the SEC’s website at www.sec.gov or may be obtained
on Radware’s website at www.radware.com.
Media Contacts:Gerri
DyrekRadwareGerri.Dyrek@radware.com
RADWARE (NASDAQ:RDWR)
Historical Stock Chart
From Jun 2024 to Jul 2024
RADWARE (NASDAQ:RDWR)
Historical Stock Chart
From Jul 2023 to Jul 2024