Name: Ep. 16 BOPLA-Driven API Security: Enforcing Process-Level Authorization for Threat Mitigation
Start: 2025-05-27T15:00:00Z
End: 2025-05-27T15:00:20.000Z
Location: BrightTALK
Rating: 5

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.

LLMs are becoming high-value attack surfaces — vulnerable to prompt injection, data exfiltration, AI-specific DoS, and output manipulation. Traditional security stacks have to evolve to see, understand, or stop these threats.

In this episode, we’ll take you under the hood of Akamai’s Firewall for AI — a purpose-built solution designed to protect generative AI and LLM applications from real-time exploitation. We’ll walk through the system’s architecture, policy models, and detection capabilities — and showcase a live demo of how it stops AI-layer threats otherwise missed.

You’ll learn:
- How Firewall for AI enforces security policies against prompt injection, jailbreaks, and abuse
- How configurable context-aware detections protect AI APIs and chat interfaces
- How organizations can monitor, control, and secure LLMs without disrupting performance or innovation

Whether you're deploying third-party models, fine-tuned internal copilots, or exposing AI via APIs — this session shows how to make AI defenses operational, scalable, and resilient by design.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Firewall for AI: The Next Gen-AI Protection is Here

Cyber insurance premiums continue to rise, and insurers are increasingly refusing coverage to organizations with weak security postures. In this session, we will explore how Microsegmentation directly influences security readiness, premium costs, and coverage eligibility.

Join this engaging session to delve into:
- Methods of security evaluation by cyber insurers
- The impact of security readiness on insurance premiums and coverage eligibility
- Case study insights on the successful maintenance of insurance terms post a cyber-attack
- Strategies that turned network vulnerabilities into opportunities

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Lower Premiums, Stronger Security: Microsegmentation for Cyber Insurance

As AI continues to accelerate software development, new risks are emerging faster than most security teams can respond. Developers are building faster with AI-generated code, giving rise to “Shadow AI”: unsanctioned tools, agents, and automations that operate beyond the reach of visibility and governance. Every one of these AI workflows depends on APIs, and every hidden API represents potential exposure.

In this next session of Akamai’s “APIs in the Age of AI” series, experts from Akamai and Snyk unpack how to bring security back into focus. You’ll learn how AI is changing the way applications are built, why visibility into API schemas is the foundation of control, and how organizations can close the gap between AI-driven development and traditional AppSec.

What you’ll learn:

•How “Shadow AI” emerges across enterprises—and why APIs are at the center of it
•The risks of AI-generated code and agent-to-agent communication
•How visibility and schema discovery can eliminate blind spots in your API landscape
•Practical steps to integrate continuous API testing and runtime protection
•How Akamai and Snyk’s joint approach helps secure both the APIs and the AI systems they power
 
Join us to explore how to go from Shadow AI to Secure APIs—and how to safely accelerate innovation in an AI-powered world.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

APIs in the Age of AI: From Shadow AI to Secure APIs

In this final If APIs Could Talk session of 2025, we’ll review the most impactful updates to Akamai API Security that improved visibility, control, and usability across the platform. We’ll revisit how APIs from Code expanded discovery into source repositories, the Compliance Dashboard simplified framework alignment, and Automatic Testing for APIs enhanced validation of authentication issues directly from the inventory. We’ll also discuss how GenAI and LLM endpoint tagging helps teams monitor emerging AI-related APIs, and highlight key UI improvements that make investigation and data analysis more efficient. This session is designed for practitioners who want a clear understanding of what has changed, why it matters, and how to maximize the benefits of these capabilities in their day-to-day operations.

Ep. 22 - 2025 Recap: Features That Delivered Real-World Impact

Watch this video to learn how AI factories combine data, compute, and automation to continuously build, deploy, and evolve AI systems capable of delivering real-time intelligence at scale.

AI Factories

Cybercriminals are firmly on the naughty list this holiday season. From phishing emails to scams that exploit festive goodwill, social engineering remains one of the most effective tools in an attacker’s playbook.

In this on-demand episode of The SIG Download, Tricia Howard and Steve Winterfeld explore social engineering for both good and evil, counting down the “12 Threats of Christmas” and unpacking how these tactics are being used in real-world attacks.

In this session, you’ll learn:
- How social engineering drives modern attacks—and how it can also be used ethically
- Examples of real-world holiday-season scams and exploits
- Practical steps to help protect your organisation into the new year

Watch this festive and thought-provoking episode on demand.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in the 'Question' or 'Rate this' section.

SIG Download: Episode 25 – The 12 Threats of Christmas – Social Engineering for Good and Evil

Generative AI spending is projected to surge nearly 75% in 2025, as enterprises race to stay competitive while pursuing low-risk adoption strategies. This on-demand session explores key findings from The State of Enterprise AI study, revealing how organizations are approaching AI to drive value securely and at scale.

The research shows that leading enterprises are prioritizing proven use cases to quickly build AI fluency, deliver measurable ROI, and minimize security and operational risks. This strategic approach enables safe experimentation and lays the groundwork for future innovation.

Key Takeaways:
- How to balance AI innovation with built-in risk mitigation.
- Which AI use cases are delivering fast, measurable value today.
- Why infrastructure is critical for secure, scalable AI adoption.

Watch now to gain strategic insights and actionable guidance for your organization’s AI journey.

Forrester Insights: The State of Enterprise AI Adoption and Risk Management

Smarter, faster-moving cyberthreats, tighter regulations, and rising insurer demands have put network segmentation strategy back in the spotlight, but many enterprises are struggling to keep pace. Enterprise segmentation adoption is high, at a basic level. However, maturity, in the form of microsegmentation, remains low. Why the disconnect?

Independent research commissioned by Akamai reveals a clear gap between segmentation intent and execution, a gap leaving many enterprises exposed. Many enterprises still rely on legacy north–south segmentation approaches, making them vulnerable to growing cyberattacks, including those using generative and agentic artificial intelligence (AI).

Join us as we deep dive the data, and learn how early adopters, particularly large organizations with mature security operations, are already realizing multiple advantages:
- Lower insurance premiums
- Faster claims processing
- Stronger audit readiness
- Better ransomware outcomes

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Segmentation Impact Study 2025: Why Microsegmentation Matters Now

AI is redefining both innovation and attack surface. The rise of Agentic AI systems and autonomous AI bots has unleashed a new wave of threats — from intelligent scraping and adaptive fraud to Offensive AI models like FraudGPTand GhostGPT that automate reconnaissance and exploit generation.

This session explores the complex duality of AI as both attacker and target, examining the OWASP Top 10 for LLM Applications and highlighting a commerce-sector case study. Join Ryan Gao who uncovers how threat actors are exploiting vulnerabilities such as prompt injection, data poisoning, and model denial-of-service — and how organizations can enhance visibility, safeguard AI-driven traffic, and implement stronger controls to protect their AI environments.

Key Takeaways:
- Uncover AI’s dual risk — attacker and target.
- Understand the mechanics of Offensive and Agentic AI threats.
- See how AI-based bots operate in a real commerce case study.
- Explore the OWASP Top 10 for LLM vulnerabilities.
- Gain practical strategies to strengthen AI resilience.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

The Dual Nature of AI: Understanding AI as Both Target and Threat

DDoS attacks remain a persistent threat to network responsiveness and profitability. But they not only represent risk, they’re also an untapped opportunity.

Join Akamai and Corero Network Security for a 30-minute, informative conversation exploring DDoS challenges, and how they can become growth opportunities. 

You’ll discover:
-Four hidden challenges driving DDoS-related costs in service provider networks
-Why sub-second mitigation, in-network visibility, and distributed protection are essential
-How to create tiered DDoS protection offerings that your customers will pay for

This discussion will give you a framework to turn those DDoS disruption pain points into business advantages.

Turning Today's DDoS Challenges into Opportunities

Join Tricia Howard and Ryan Barnett for Episode 24 of The SIG Download. Ryan shares findings from his recent Black Hat research on how attackers exploit Unicode and encoding quirks to conceal malicious activity. They also break down the most significant attacks observed over the past 30 days and offer practical guidance on how to defend against them.

In this on-demand session, you’ll learn:
- How seemingly normal text can be weaponized
- The impact of Unicode confusables, casing, and truncation
- Recent real-world attacks and actionable mitigation strategies

Watch now to get the insights you need to strengthen your defenses.

Earn CPE Credits
Akamai is an approved ISC2 CPE Submitter Partner. Watch the webinar and provide your ISC2 Member ID in the Question or Rate This section to receive credit.

SIG Download: Episode 24 - Lost in Translation: When Benign Text Turns Malicious

Our latest research reveals how AI-driven bots are reshaping the digital landscape — from content scraping that undermines publishers to commerce surges exceeding 25 billion bot requests in just two months.

Watch this on-demand webinar to explore which regions and industries are seeing the sharpest rise in AI bot traffic, and learn how understanding bot identity and intent can help you distinguish between helpful and harmful automation.

In this session, you’ll learn:
• Why bot identity and intent are critical
• Where AI training bots introduce new challenges
• How OWASP guidance can strengthen fraud defenses while preserving good bot traffic

Speakers:
Moderator: Tricia Howard, Security Intelligence Group, Akamai
Presenters:
• David Sénécal, Director of Engineering – Fraud and Abuse, Akamai
• Tom Emmons, Principal Product Architect, Akamai

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching this webinar and providing your ISC2 Member ID number in the “Question” or “Rate this” section.

Watch the webinar on demand now and gain insights to help protect your business from the next wave of AI-driven threats.

SOTI Fraud and Abuse Report 2025: Navigating the AI bot surge

Cyberattacks are growing more sophisticated, leaving no industry untouched. As organizations expand digital operations and interconnect systems, the attack surface widens — particularly in high-target sectors like retail. One of the most dangerous tactics used by attackers is lateral movement, allowing them to silently escalate access and compromise critical assets.

When you're under attack, every second counts — and Akamai can help, whether you're a customer or not. From the moment a threat is detected, Akamai provides immediate support to contain and neutralize attacks in progress.

Organizations around the world rely on Akamai Guardicore to stop lateral movement through real-time microsegmentation, minimizing breach impact and securing high-value systems. And with Akamai Hunt’s proactive threat-hunting services, backed by behavioral analysis, anomaly detection, and IOC identification, even stealthy threats can be uncovered and addressed before they cause serious harm.

No matter your size, industry, or existing setup — if you're under attack, Akamai is ready to help.

Join us to learn how to:
- Contain ransomware with microsegmentation that stops lateral movement.
- Detect early-stage attacks using behavioral analysis and IOCs.
- Uncover stealthy threats through proactive threat hunting with Akamai Hunt.
- Implement Zero Trust controls across hybrid and cloud environments.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Isolating Ransomware Attacks to Block Lateral Movement and Protect Critical Assets

Join host Tricia Howard (appearing as a zombie bot!) and legendary security expert Graham Cluley for a Halloween-themed dive into real-world cybersecurity scares. From insider schemes to AI-driven mischief, discover how human error, greed, and deception continue to haunt even the most secure systems.

In this episode, you’ll learn:
- How insider threats can manipulate systems for financial gain, including ransom diversions and fraud.
- The rise of AI-driven attacks and blackmail scenarios targeting organisations.
- How crypto-focused malware and hoax incidents highlight the evolving threat landscape.

Catch up on-demand.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in the 'Question' or 'Rate this' section.

SIG Download: Episode 23 - Night of the Living Threats – A Halloween Cybersecurity Special

Join Akamai's Director of Field Security Technology, Michael Villar, for a live webinar where we break down the microsegmentation playbook—what it is, how it fits into a Zero Trust architecture, and how to deploy it for maximum visibility and control. Whether you're defending your enterprise against lateral movement or isolating critical workloads, microsegmentation is your MVP for reducing risk.

In this session, you'll learn:
- How to tackle lateral movement and insider threats
- Key components of a successful microsegmentation strategy
- Real-world use cases and deployment tips

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Endpoints to End Zone: Build Your Microsegmentation Defense

In this "If APIs Could Talk" episode, we’ll explore the Akamai API Security integration with ServiceNow and how it helps organizations bring visibility and control to API security. APIs are often invisible to traditional asset management and security tools, leaving gaps in governance and response. With this integration, you can automatically push API data into the ServiceNow CMDB, link vulnerabilities to the AVR module, and give IT and security teams shared visibility and workflows for remediation. The session will include a walkthrough of how the integration works, examples of how API findings are surfaced in ServiceNow, and practical tips for streamlining response and closing security gaps more efficiently.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE credits by watching our webinar and providing your ISC2 Member ID in the 'Questions' or 'Rate This' section.

Ep. 20 From Discovery to Remediation:  Managing API Security with Akamai and ServiceNow

Security buyers face endless claims about protection efficacy — but how do you separate marketing from measurable reality?

In this session, SecureIQLab and Akamai break down the results of the industry’s only recurring, standards-based comparative WAAP test. Join Cameron Camp, Analyst Security Researcher and Akamai’s Brent Maynard, to learn how independent testing is conducted, why resiliency and false-positive avoidance matter as much as detection rates, and where most vendors still fall short.

We’ll share Akamai’s top-performing results, key market learnings, and the practical questions every security leader should ask when evaluating a WAF or WAAP. Walk away with actionable insights to validate your current defenses and strengthen your buying decisions.

Want to learn more? Compare WAAP vendor efficacy data in this 2025 report: https://www.akamai.com/lp/report/2025-waf-comparison-report

Additional Resources:

-On-Demand Webinar: Extend WAF Protections: https://www.brighttalk.com/webcast/13169/646081
-Webinar: Adaptive Security Engine: Next-Gen WAAP: https://www.brighttalk.com/webcast/13169/651706

Independent Testing, Real Results:  How Secure Is Your WAAP?

In this "If Your APIs Could Talk" episode, we’ll take a closer look at the latest enhancements to Akamai Active Testing, designed to make API testing more flexible and scalable across development environments. We’ll cover new capabilities, including Extensible Secrets via Python Scripts, which allows teams to securely customize authentication for complex test scenarios; Active Testing support for Bamboo CI/CD, enabling seamless integration into existing DevOps workflows; and new OpenShift workers that expand test coverage for containerized applications. The session will include a walkthrough of these updates, practical examples of how they fit into the API security lifecycle, and tips for using Active Testing to identify and fix vulnerabilities earlier in the SDLC.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE credits by watching our webinar and providing your ISC2 Member ID in the 'Questions' or 'Rate This' section.

Ep. 21 - Latest enhancements to Akamai API Security Active Testing

In this episode of If Your APIs Could Talk, we’ll dive into a new integration that brings together Akamai’s enterprise-grade API discovery with Snyk’s developer-focused DAST engine. One of the biggest blockers to effective API security testing is the lack of accurate, up-to-date API specifications, especially in large, distributed environments. That’s where this integration comes in.
 
You’ll learn how joint customers can now automatically feed APIs discovered by Akamai from traffic, code, and infrastructure into Snyk for rapid testing and remediation, all without manual schema uploads. We’ll show how this streamlines workflows, increases coverage, and helps both security and development teams reduce risk earlier in the lifecycle.
 
Whether you’re trying to shift API security left, boost test automation, or get more value from your existing tools, this session will walk you through how Akamai and Snyk are solving application security challenges together.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE credits by watching our webinar and providing your ISC2 Member ID in the 'Questions' or 'Rate This' section.

Ep 19 - Akamai API Security + Snyk Integration Deep Dive

In this "If Your APIs Could Talk" episode, we’ll explore API Security Recon capability, now available to all Akamai API Security customers. Recon helps security teams gain an external attacker’s view of their attack surface by automatically discovering publicly exposed domains, misconfigured endpoints, leaked secrets, and other risks, without requiring traffic mirroring, internal access, or prior environment knowledge.

We’ll walk through how Recon maps your public-facing network footprint using open-source intelligence, performs lightweight detection of API exposures, and seamlessly surfaces validated findings in the platform. You’ll see how this capability enables organizations to proactively mitigate external API risk and enhance their overall security posture without incurring operational overhead.

Ep. 18 - Learn what your attackers see with API Security Recon

In this "If APIs Could Talk" episode, we’ll explore the latest enhancement to Akamai API Security’s code-based discovery capabilities: support for scanning GitHub Enterprise repositories. With this update, API Security can now automatically identify OpenAPI specifications and detect APIs written in Java and Python—adding them directly to your API inventory.The session will include a walkthrough of the setup process, a look at how code-level API discovery complements traffic-based visibility, and insights into how this feature helps eliminate blind spots and strengthen API governance.

Ep 17 Uncovering APIs in GitHub Repos

In episode 15 of "If Your APIs Could Talk" episode, we'll explore the new Compliance Dashboard in Akamai API Security. This powerful feature helps organizations track how their APIs align with major compliance and security frameworks like OWASP, PCI DSS, GDPR, ISO-27001, and NIST – offering a clear view of compliant vs. non-compliant APIs, open findings, and audit readiness over time. We’ll also highlight how this builds on existing compliance capabilities in the solution, including posture finding and runtime incident mapping to common compliance and security frameworks. The session will include a walkthrough of the dashboard, a look at how compliance data is surfaced throughout the platform, and tips for streamlining audits and reducing risk in regulated environments.

Ep. 15 - Enhancing API Compliance: A Deep Dive into Akamai’s New Compliance Dashboard

Imagine an attacker effortlessly accessing sensitive user data—simply by modifying an API request. In Episode 14 of If Your APIs Could Talk, we dig deep into Broken Object Level Authorization (BOLA), the #1 API security risk in the OWASP API Security Top 10 (2023), allows just that. This webinar unpacks how BOLA attacks happen, from unauthorized data exposure to full account takeovers, and why traditional access controls often fail. 

You’ll learn how to detect and defend against these threats using robust authorization models, API security gateways, and real-world mitigation strategies. Join us to expose the risks lurking in your APIs before attackers do.

Ep. 14 - The Hidden Dangers of BOLA

In Episode 13 of If Your APIs Could Talk, we explore how Akamai and Apiiro are transforming API security through their powerful integration. By combining Akamai’s API Security with Apiiro’s application security posture management (ASPM) platform, this partnership delivers unmatched visibility and protection for APIs from code to runtime. 

Learn how this partnership enables organizations to discover API vulnerabilities, map them to their source code, and empower developers with actionable insights to remediate faster. Together, Akamai and Apiiro bridge the gap between security and development teams, reducing risk, accelerating resolution, and fostering secure innovation. Join us to see how this collaboration redefines comprehensive API security.

Ep. 13 - From Code to Runtime: Akamai and Apiiro partnership

Join us for the next installment in our "If Your APIs Could Talk" series, where we dive into the most exciting and innovative product features we launched in 2024. In this session, we’ll explore the five most impactful updates to our API Security solution, from the ability to scan your GitHub repositories for API specs to the unique way we calculate attack confidence scores. Each feature we have developed has been designed to meet the evolving needs of our customers and push the boundaries of what’s possible with API Security solutions. 

What You’ll Learn:
- Code Repository Integrations: Discover how to seamlessly connect your GitHub repositories to API Security and add APIs in development to your library.
- In-app learning guides: Take advantage of the in-app learning resources to better understand how to use and get the most out of the product. 
- Active Testing Coverage Center: This unique feature in Active Testing provides practical guidance on fixing issues in your environments and API testing configurations. This ensures that each API can be successfully executed and thoroughly tested.
- Attacker Confidence Scoring: Our Attacker Confidence Engine utilizes context-aware machine learning algorithms to provide a confidence score for each attack. This enables you to prioritize incidents with the greatest potential impact.
- Inventory Classification Rules: The API classification rules automatically classify existing and newly added APIs, making API inventory management easier and accelerating issue remediation. 

Whether you’re a seasoned API Security user or just starting out, this webinar will provide you with valuable insights and practical tips to leverage these new features effectively. Don’t miss this opportunity to stay ahead of the curve and maximize the potential of our API Security solution in 2025 and beyond.

Ep. 12 - Top Product Highlights from 2024

In this "If Your APIs Could Talk" episode, we'll explore the Traffic Audit feature of the Akamai API Security solution. We'll introduce participants to Traffic Audit's powerful capabilities, including recording, visualizing, and analyzing API traffic within their environment. Traffic Audit allows users to easily identify and manage the risk exposure of suspicious users and unusual API behaviors by recording data flows and creating custom audits based on specific criteria. With Traffic Audit, users gain valuable insights into API activity, such as forensic analysis for specific attacks, investigation of suspicious user behavior, and troubleshooting API configurations.

The webinar will provide a comprehensive overview of how Traffic Audit works, including how to create audits that capture and retain traffic according to predetermined filters and rules. Don't miss this opportunity to learn about the innovative capabilities of Traffic Audit and how it can enhance your API security.

Ep. 11 - Deep Dive into API Security Traffic Audit Capability

In this episode of "If Your APIs Could Talk," we explore the Workflow Automation feature of Akamai API Security. This feature dramatically improves efficiency and productivity by simplifying the creation of multi-action workflows. It uses a user-friendly visual editor, customizable workflow samples, and over 300 pre-built connectors. In this session, you'll learn how to automate complex event response processes and synchronize incident-related data with third-party services like ServiceNow, JIRA, and Azure DevOps. We'll also provide examples of common workflow use cases, including: 

- Incident creation in ITSM solutions 
- Notifications to security and business teams 
- Data customization 
- Bi-directional sync with ticketing systems 
- Preventive workflows to block suspicious traffic 

Whether you're an existing user or considering Akamai API Security, this episode will provide valuable insights into using Workflow Automation to streamline your security operations.

Ep. 10 – Workflow Automation Deep Dive

In this "If Your APIs Could Talk" episode, we'll explore the Akamai API Security Native Connector feature. This new integration, built directly into our API Security solution, enables companies to send a copy of their Akamai Connected Cloud traffic to our API Security solution for analysis with just a few clicks. Enabling this integration provides complete visibility into your APIs across environments managed by Akamai, allowing for the detection of vulnerabilities and the ability to rapidly act on runtime incidents. The session will include a demonstration of the connector's seamless deployment, a technical explanation of how it works, and a spotlight on its operational benefits.

Ep. 9 - Akamai API Security Native Connector Deep Dive

In this episode of “If Your APIs Could Talk”, we will uncover intricate strategies used by cyber attackers through a real-life API breach, focusing on the vulnerabilities that were exploited to manipulate a major retailer's loyalty program. Discover the significant impact of these attacks and the measures you can take to reinforce defenses and avoid similar intrusions. This episode will help you learn more about the constantly changing landscape of API security and ways to safeguard your organization against advanced API threats.

Ep. 8 - Anatomy of an API Attack: Insights from a Real-Life Breach

If you've been wanting to double down on your API security strategy, now is the perfect time. Learn how you can locate legacy and undocumented APIs, monitor traffic to eliminate vulnerabilities, and prevent attacks in real-time. We'll show you how to integrate robust security tests, uncover data policy violations, and build security into your API development process.

With Akamai API Security's new flexible deployment options, extended intelligence across API traffic locations, and expanded suite of integrations as part of our acquisition of Noname security, you can protect your API environment across any platform.

Don't miss this chance to enhance your API security and take advantage of Akamai's new, advanced API protections for your organization.

Ep. 7 - Doubling Down on API Security

APIs are too often rushed into production without proper testing. This creates conflict between the economic demand for new business services and the security requirements to protect these new services. Plus, developers and DevOps teams are the ones who often perform API security testing since it is very technical and has a steep learning curve. 

Join this webinar to learn how testing your APIs doesn’t have to be a roadblock to your organization. With the right mindset and tools, you can reduce the cost of fixing security vulnerabilities, continue to deliver new functionality at breakneck speeds, and improve the security posture of your APIs.

Ep. 6 - Monitor Right & Shift Left: Reshaping API security with Advanced Testing

As generative AI and automation tools become more accessible, attackers are increasingly turning to AI to supercharge their efforts—and APIs are in the crosshairs. This webinar will dive into how threat actors are using AI to uncover, exploit, and scale attacks against APIs faster than ever before.

We’ll walk through real-world examples of AI-assisted reconnaissance and exploitation, and examine why traditional security tools often fail to catch these evolving tactics. Most importantly, we’ll show how defenders can fight fire with fire—using AI and machine learning to detect subtle anomalies, surface misconfigurations, and stop threats before they escalate.

You’ll learn:
 • How attackers are using AI to automate API discovery and exploit vulnerabilities
 • Common blind spots in API security defenses—and how AI is making them more dangerous
 • How modern API Security solutions use AI to detect, respond, and adapt in real time

If you’re responsible for securing APIs—or just want to understand the next wave of cyber threats—this is a session you won’t want to miss.
This session will guide attendees through the latest trends in AI-driven attacks, how attackers are using AI to attack APIs, and tips and tricks from our Threat hunting team on how they use automation to combat these fast growing threats.

AI-Assisted Attacks on API Security: What You Need to Know

Explore the lifecycle of an API with a focus on evolving security measures in episode 4 in the “If An API Could Talk” series. We will showcase how adopting a strong API security program leads to many different lenses of visibility including discovery, risk audits, and behavioral detection.

Gain insights through our recent State of the Internet report, real-world case studies on overcoming breaches and enhancing incident response. Join us to master API security best practices and stay ahead in the digital landscape.

Ep. 4 - A Year in the Life of an API: Chronicles of Security Evolution

As the reliance on APIs continues to surge, so does the scale of security threats aimed at exploiting data vulnerabilities. These threats highlight the need for effective data protection methods. Data tokenization and data encryption stand out as key techniques, each offering unique benefits and applications.

In our upcoming webinar, we'll closely examine these strategies, emphasizing the critical role of tokenization in safeguarding your API data.

Join us to explore the essentials of API data protection and discover the importance of tokenization in creating a robust security strategy. We'll demonstrate how tokenization ensures the safety of your data, maintaining its confidentiality, integrity, and accessibility in our digital era.

Ep. 3 - The Importance of Data Tokenization Over Traditional Encryption

Dive into the intricate realm of API Security Compliance with our second episode in our monthly series, If Your APIs Could Talk.  As organizations strive to meet stringent security standards, ensuring that APIs adhere to regulatory requirements becomes non-negotiable. In this session, our technical experts will guide you through the nuances of API security compliance, exploring topics such as data privacy, encryption protocols, and region-specific regulations. 

Join us for a comprehensive journey into the technical intricacies that power API Security Compliance. 

Don't miss this opportunity to decode the complexities and unveil the driving forces behind compliance in the API landscape. Register now.

Ep. 2 - What Drives API Security Compliance

In an era where data breaches and cyber threats loom large, safeguarding sensitive information within APIs stands as a paramount concern for organizations. Join us as Menachem Perlman, our Director of Solutions Engineering discusses the pivotal significance of secure data storage within API frameworks.

Join us in the first episode of our new monthly series on API Security, Join us to gain actionable insights and practical strategies for enhancing your API security posture through robust and secure data storage practices.

Don't miss this opportunity to fortify your organization's defenses and ensure the integrity of your API-driven operations. Register now for the series.

Ep. 1 - The Importance of Storing Data in Your API Security Strategy

If Your APIs Could Talk

APIs are a growing attack vector, exposing organizations to threats like unauthorized access, injection attacks, and abuse. Traditional access control models struggle to enforce business-specific authorization, leading to security gaps.

In episode 16 of If Your APIs Could Talk, we examine API3:2023, BOPLA (Business-Oriented Process-Level Authorization) as a solution for implementing fine-grained, context-aware access controls within APIs. We will cover key security challenges, real-world attack scenarios, and how BOPLA enforces dynamic policies to mitigate risks while maintaining performance and compliance.

Gain practical insights into integrating BOPLA with API gateways, designing scalable authorization frameworks, and applying policy-based access control that adapts to real-time business contexts. The session will also explore how BOPLA enhances security by leveraging attribute-based access control (ABAC), role-based access control (RBAC), and risk-aware authentication models. Additionally, we will discuss best practices for monitoring and auditing API access, ensuring regulatory compliance, and optimizing security without introducing latency.

Ep. 16 BOPLA-Driven API Security: Enforcing Process-Level Authorization for Threat Mitigation

API Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Ep. 16 BOPLA-Driven API Security: Enforcing Process-Level Authorization for Threat Mitigation

Presented by

About this talk

Akamai