69% of organizations have been compromised due to an unknown, unmanaged, or poorly managed external asset
49% of breaches in 2022 involved credentials
68% of enterprises experienced a business impact event and along with it increased costs related to an identity breach.
Static API keys are easy for threat actors to locate and steal. Stolen API keys and those from a trusted workload are identical. Bulk key replacement due to a breach is costly in reputation loss, financial impact, and erodes customer trust.
Equip public-facing API endpoints with trust verification capabilities to recognize ensure only API keys used by trusted third parties reach the API endpoint.
The security of API keys issued to third parties relies on the vigilance of the third party to secure them. Third parties may not secure their keys. All keys are passed between endpoints for authentication and lose their secrecy over time.
Equip trusted third parties with AMTD technology that makes the API keys the pass to the API endpoint distinguishable from stolen keys presented by an imposter third party.
Authentication requires passing keys between client and API endpoints exposing them to theft. Stolen keys are authenticated without verifying the user identity and trust. Authentication cannot prevent the use of a stolen API key
Equip trusted third parties to wrap their API keys in Synchronous Ephemeral Encryption (SEE) when making an API call. API keys in calls arriving from untrusted third parties are detected when they fail decryption and are rejected.