Salt CEO on the Security Risks Around Agile API Development
Roey Eliyahu on Why Traditional Cyber Measures Can't Address Rapidly Changing APIs

The rapid pace of API development has created significant risk for companies given the amount of data that's being exposed, said Salt Security CEO Roey Eliyahu.
The security industry hasn't adapted quickly to address these problems since it's still used to relatively static APIs that were easy to guard and only updated once or twice a year, according to Eliyahu. But Agile development means APIs can now change once every two weeks, which has created major issues around discovering what to protect and ensuring that attacks against APIs don't fly under the radar (see: API Security: The New Imperative).
"If you think about security testing for APIs or assessment or security code reviews, they are not really scalable or not linear," Eliyahu said. "It depends on your security team size. Security teams did not grow as much as APIs grew. If you go from three APIs to thousands or tens of thousands of APIs, obviously, you don't have a thousand more people in your security org."
In this video interview with Information Security Media Group, Eliyahu also discussed:
- How generative AI and LLMs have affected the API security landscape;
- How API security benefits from starting with production environments;
- Why Salt is best suited for large enterprises and midmarket companies.
Eliyahu is a veteran of the elite cybersecurity unit, where he led development of high-end security systems to protect the largest network in Israel, that of the Israel Defense Forces and the government. He also led development of security system projects at Cigol Digital Systems, a military-grade security systems company, and founded the cybersecurity college that trains the next generation of leaders and prepares them for serving in the IDF's elite security units.