Secful Aims to Automatically Detect and Thwart API Attacks in Real-Time

Secful aims to help companies identify attacks against their APIs and respond with a "custom-tailored" security-layer. The startup profiles its customers' legitimate API usage and analyzes usage data to identify abnormal patterns. Once an attack has been identified, Secful's website says the service can "provide a single attacker profile which contains a real-time attack-timeline" and respond in an automated fashion to thwart the attacker without "manual processes such as rules and policy updates."

Secful points to research showing that 84% of attacks are targeted at the application layer and according to the company, most attacks don't violate signature and rule-based security solutions. Those can be difficult to implement because each API is unique and have different vulnerabilities. It can also be challenging to keep signature and rule-based security solutions up-to-date as APIs evolve and new features are added. As a result of these challenges, many API breaches aren't detected until it's too late.

Secful is part of the Y Combinator Winter 2016 class. Y Combinator is a prominent Silicon Valley startup accelerator that has produced a number of prominent companies such as AirBnB, including a number of successful API-centric companies, including payments API provider Stripe.

Be sure to read the next Security article: FBI Apple Debacle Is a Reminder of How Fingerprint Sensors Actually Worsen Security