Google fights bots and alerts Workspace admins • The Register

Google added API security tools and Workspace (formerly G Suite) admin alerts about potentially risky configuration changes like resetting super admin passwords.

The API capabilities — aptly dubbed “Advanced API Security” — are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.

As API data makes up more and more web traffic — Cloudflare says more than 50 percent of all traffic processed is API-based and growing at twice the rate of traditional web traffic — API security is becoming an increasingly important concern for businesses. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.

A study conducted by the Marsh McLennan Cyber Risk Analytics Center on behalf of application security shop Imperva analyzed 117,000 cybersecurity incidents and put a price tag on insecure APIs: annual losses of between $41 billion and $75 billion worldwide.

Google’s answer to these problems includes two API security features available in preview: one that identifies API misconfigurations and another that detects bots. The former assesses an organization’s managed APIs, identifies proxies that do not meet security standards, and recommends actions when it detects configuration errors.

Google Cloud Product Lead Vikas Anand pointed out a healthcare use case for this API security feature. In this scenario, a hospital enters a patient’s health insurance information into an API-enabled system that is shared with insurance companies to determine if the plan covers a specific drug or procedure.

“Due to the often sensitive nature of the transmission of personal health information, it is important that the necessary authentication and authorization policies are implemented so that only authorized users, such as an insurance company, can access the API,” Anand wrote in a post.

“Advanced API Security can detect when these required policies have not been applied, an alert that can help reduce the surface area of API security risks,” he added.

The second feature detects malicious bots in API traffic. It uses rules, each representing a different type of anomalous traffic from a single IP address. And once a traffic pattern meets one of these rules, the security system flags it as a bot.

“Furthermore, Advanced API Security also speeds up the process of identifying data breaches,” Anand told reporters during a news conference. It does this by identifying bots that led to an HTTP 200 OK success status response code, he explained.
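The per-IP rule matching and the 200 OK triage described above, as an added sketch that is not Google's or Apigee's code; the rule names, thresholds, and log records are all constructed for illustration:

```python
from collections import defaultdict

# Constructed sample API access records: (source_ip, epoch_second, path, status).
SAMPLE_LOG = (
    [("203.0.113.7", 100 + i, f"/v1/patients/{i}", 200) for i in range(30)]
    + [("198.51.100.9", 200 + i, "/v1/login", 401) for i in range(11)]
    + [("198.51.100.9", 211, "/v1/login", 200)]
    + [("192.0.2.44", 300 + i // 5, "/v1/status", 429) for i in range(25)]
    + [("192.0.2.10", 400 + 60 * i, "/v1/plans", 200) for i in range(5)]
)

# Hypothetical rules; each describes one kind of anomalous traffic from a single IP.
def flooder(reqs, window=10, limit=20):
    """More than `limit` requests inside any span shorter than `window` seconds."""
    ts = sorted(t for t, _, _ in reqs)
    return any(ts[i + limit] - ts[i] < window for i in range(len(ts) - limit))

def auth_guesser(reqs, min_reqs=10, ratio=0.8):
    """Most responses are 401/403, i.e. repeated failed authentication."""
    denied = sum(1 for _, _, status in reqs if status in (401, 403))
    return len(reqs) >= min_reqs and denied / len(reqs) >= ratio

def scraper(reqs, min_paths=15):
    """One client walking through many distinct resource paths."""
    return len({path for _, path, _ in reqs}) >= min_paths

RULES = {"flooder": flooder, "auth_guesser": auth_guesser, "scraper": scraper}

def detect_bots(log):
    """Group records by source IP and flag every IP that matches at least one rule."""
    by_ip = defaultdict(list)
    for ip, ts, path, status in log:
        by_ip[ip].append((ts, path, status))
    findings = {}
    for ip, reqs in by_ip.items():
        matched = sorted(name for name, rule in RULES.items() if rule(reqs))
        if matched:
            ok_paths = [path for _, path, status in reqs if status == 200]
            findings[ip] = {"rules": matched, "ok_paths": ok_paths}
    return findings

def breach_triage(findings):
    """Flagged IPs that were served 200 OK, most successful responses first."""
    hits = [ip for ip, f in findings.items() if f["ok_paths"]]
    return sorted(hits, key=lambda ip: -len(findings[ip]["ok_paths"]))

if __name__ == "__main__":
    found = detect_bots(SAMPLE_LOG)
    for ip in breach_triage(found):
        print(ip, found[ip]["rules"], len(found[ip]["ok_paths"]), "successful responses")
```

A flagged IP that only ever received errors (the flooder here) is noise for breach investigation; the ones that were served data are where the review starts.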

Also this week, Google alerted admins that they will soon receive additional notifications in the event of potentially nefarious changes to their Google Workspace configurations. The phased rollout of this feature began Tuesday and may take up to 15 days.

How it works: When the audit log records a primary admin change – this includes a password reset for a super admin account or SSO profile changes, such as adding, updating or deleting a third-party SSO profile – the Alert Center sends admins an email about the event.

Google plans to add more alerts for “high-risk actions” in the future, the cloud company noted in an update.

“These additional intelligent alerts will closely monitor multiple sensitive actions, making it easier for administrators to stay on top of high-risk changes to their environment and potentially malicious actions by attackers,” it explained. ®
