Microsoft Defender for Cloud Blog

Microsoft Defender for APIs enriches Defender CSPM capabilities.

preethamnaik
Jul 06, 2023

We are excited to unveil the integration of Defender for APIs (Preview) with Defender CSPM in Microsoft Defender for Cloud (MDC), which provides contextual API security findings and guides prioritized remediation.

Microsoft Defender for APIs, announced at RSA 2023, is the latest addition to the lineup of Defender plans in Microsoft Defender for Cloud. It helps organizations protect business-critical APIs managed by Azure API Management, with a holistic approach to preventing, detecting and responding to API security threats, enriched with integrated cloud security context.


Improve API Security Posture:
Misconfigured APIs, including unauthenticated and inactive (zombie) APIs, pose a significant threat to data security and to the web applications behind them: they can expose sensitive information to unauthorized access and exfiltration, with reputational and financial consequences. Defender for APIs helps you improve your API security posture within the context of your organization's overall cloud security by assessing API misconfigurations and vulnerabilities. Its assessment capabilities and sensitive data classification monitor APIs against security best practices, providing a defense-in-depth approach to API attacks such as Broken Object Level Authorization (BOLA), injection and data exfiltration, especially for externally exposed APIs. Defender for APIs also provides actionable recommendations for hardening API configurations, improving the overall application security posture.


Unlocking the Power of Integration to prioritize API Security Posture Hardening:

Security teams face a daily flood of security signals and recommendations. The resulting fatigue makes it hard to prioritize and address the most critical issues. Defender for Cloud's contextual Cloud Security Explorer addresses this by identifying the highest-risk issues that should be resolved first. With APIs accounting for over 83% of web traffic, they have become a prime target for attackers looking for entry points into cloud assets and resources. This integration extends the resource types that can be queried directly in Cloud Security Explorer to cover API Management services, API collections and API endpoints within the subscription. With this unified view, you get a holistic picture of your API security posture and can make informed decisions about which risks to mitigate first.


For instance, one query identifies API endpoints that are exposed to the internet and carry sensitive data over unencrypted protocols.


Another query finds unauthenticated API endpoints exposed to the internet that carry sensitive data in their request or response, so that their remediation can be prioritized.
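Cloud Security Explorer is a graphical query builder, and the two queries discussed above appear in the original post as screenshots. As an added example that is not part of the post, the Azure Resource Graph query below (KQL, run from the Resource Graph Explorer blade or with `az graph query`) lists the per-resource status of the "Azure API Management APIs should be onboarded to Defender for APIs" recommendation that is quoted in the comments below. Before relying on the graph queries, this is the quickest way to see which API Management APIs Defender for Cloud has actually assessed and whether each one is Healthy, Unhealthy or NotApplicable. The column names follow the documented securityresources schema for assessments; the recommendation display name is assumed to be unchanged from the one quoted in the comment.

```kusto
// Added example (not from the original post): per-resource status of one
// Defender for Cloud recommendation, queried through Azure Resource Graph.
securityresources
| where type == "microsoft.security/assessments"
| extend recommendation = tostring(properties.displayName),
         status = tostring(properties.status.code),
         assessedResource = tostring(properties.resourceDetails.Id)
// Display name as quoted in the comments on this post (assumed unchanged)
| where recommendation == "Azure API Management APIs should be onboarded to Defender for APIs"
| project subscriptionId, resourceGroup, assessedResource, status
| order by status asc, assessedResource asc
```

An API that does not appear in the output has no assessment record for this recommendation at all, which is a different situation from an API that appears with status NotApplicable; keeping the two apart helps when deciding whether a resource is genuinely out of scope or simply has not been evaluated yet.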

Getting Started

To start using the capabilities Defender for APIs offers and to leverage the contextual Cloud Security Graph, you need to:

Resources


Updated Jul 06, 2023
Version 2.0

2 Comments

  • avenger1430
    Copper Contributor

    Hi,

    thanks for extending Defender's capabilities to APIs. As Defender for APIs is still in preview, however, we would like to test it incrementally by starting in the development environment. From what I learned, one first has to enable workload protection at the subscription level and then enable the service on a per-API basis. Following this, after we had enabled Defender for APIs, we indeed found that the recommendation 'Azure API Management APIs should be onboarded to Defender for APIs' showed up for a variety of APIs in our Defender security recommendations:

    - Somewhat surprisingly, however, we found that only a small number of resources (i.e., APIs) were listed as unhealthy, while a number of APIs were simply ignored (listed as neither unhealthy nor healthy). Is this still under development or a known problem, or under which conditions are APIs captured w.r.t. the named recommendation?

    - Is there a possibility to define an exemption for this new recommendation for some resources or to define a general exemption for the recommendation (as it is possible for other recommendations) and if so, how does this work?

    Thanks!