March 21, 2023 – APIs have been around for over 20 years. Today, the average number of APIs organizations use can range from 15,564 to 25,592, making APIs one of the largest known software components of an enterprise attack surface. Imagine not knowing what functions many of those APIs perform, how many versions exist, or that they even exist. On the one hand, APIs give application development teams great power, but on the other, they introduce potentially significant vulnerabilities.

This Impact Report serves as a primer for CISOs on API security and provides API vendors with a view of the market not previously disclosed by market research firms. Primary research involved interviewing select API security vendors (primarily located in Israel, the U.K., and the U.S.) from December 2022 through March 2023, and receiving product demonstrations to validate market assumptions and define a product categorization schema. Desk research also included white papers, API security standards, and industry publications.

Clients of Aite-Novarica Group’s Cybersecurity service can download this report.

This report mentions 42Crunch, Aiculus Pty Ltd., Akamai Technologies, Akana, Akto.io, APIIDA AG, Apiiro Ltd., APImetrics. APIsec, Appdome Inc., Arkose Labs, Axway, BalaSys, Barracuda Networks, Beagle Security, Bionic, BLST Security, Boomi, Cequence Security, Check Point Technologies, Checkmarx Ltd., Cloud Security Alliance, Cloudflare, CloudVector, Continent 8 Technologies, Contrast Security, Corsha, Inc., CriticalBlue Ltd., Crosscheck Networks, Curity, Datadog, Data Theorem Inc., Elastic Beam, Entersoft Security, eXate, F5, Fastly, FireTail, Forum Systems, Ghost Security Inc., Google, Gravitee.io, Hellman & Friedman, Impart Security Inc., Imperva, Indusface, Inigo Labs Inc., Kong Inc., L7 Defense, Micro Focus International PLC, Microsoft, Moesif, MuleSoft LLC, National Institute of Standards and Technology, Neosec, Nevatech Inc., Noname Security, Okta, Open Web Application Security Project, Orca Security Ltd., Palo Alto Networks, Pangea Cyber, Perforce Software, Ping Identity, Postman, Radware, Rapid7, Reblaze, Red Hat, Resurface Labs, Salesforce, Salt Security, Seekret, SmartBear Software, Software AG, Spherical Defence, StackHawk Inc., Synopsys, TeejLab Inc., ThreatX, Tinfoil Security, Tyk Technologies Ltd., Traceable AI, Veracode, Wallarm, Wib, and WSO2.