The future of security is always changing—especially with an increasing number of organizations migrating their applications from on-prem to cloud environments. With this shift, securing distributed and mobile apps is becoming increasingly difficult. So, what new vulnerabilities exist in a hybrid environment? And, how can security professionals protect their IP in a borderless environment?

Radware, a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers, hosted a thought leadership event to discuss these burning questions. On December 1st, they gathered a virtual expert panel atThe Future of Securing Apps and APIs to share strategies for protecting applications & APIs without disrupting other aspects of your business.

Here are a few top takeaways from our virtual roundtable on the 1st:

1. Leverage AI when possible

Adan Mendoza of VTX1 Companies said that while his team uses a WAF solution to keep things secure as they move from an on-prem to cloud solution, they also rely heavily on behavioral analytics and artificial intelligence to keep track of “normal” patterns.

If the AI detects an anomalous or suspicious behavior, such as never before seen activity or activity at an unexpected time of the day, the appropriate team members will be notified. This adds an added layer of security to their work environment.

2. Vulnerabilities are the biggest security problem for organizations

In June of 2022, Radware conducted a survey to try and figure out the current environment’s application attack distribution and what tools companies are using to protect their APIs. Prakash Sinha , the panel’s moderator, shared the results during the discussion.

The two biggest security problems found in production APIs in the past 12 months were authentication problems (38%) and vulnerabilities (47%). To protect against this, the most common tools were web application firewalls (WAF) and web application and API protection (WAAP).

3. Applications are more exposed than ever

Sam Satyanathan of Freddie Mac spoke about the difference between historic and current attacks. He said that while historic attacks happened on the network layer, every organization today is functioning off of APIs—creating a greater attack surface for bad actors.

“Not only do you have a base application, but you have single paid applications, [and] you have mobile applications, all of which use APIs behind the scenes. So, if those are not secured properly, it makes it a lot easier for hackers... to try to get into your business.”

4. How to satisfy developers & security teams

During the live Q&A at the end of the event, one participant asked about developers moving too fast on their projects without keeping security teams in the loop. In his example, developers are creating products to meet the business KPIs, and if security gets in the way, they’re slowing them down and creating a roadblock within the organization. So, how do you keep both parties happy?

Prakash shared a customer story and suggested a similar solution. Their team worked in a Kubernetes-based environment and automatically distributed a corporate-approved security profile to new deployments. In this way, security teams still have control over how services are exposed without hindering DevOps’s productivity.

4.Communication is key

Especially in a large organization, it’s critical to keep in constant communication across departments to maintain visibility over all systems in play. Adan stated, “Sometimes, we don’t know what we don’t know, so it’s important to stay in sync anytime... that something comes up.”

He also emphasized the importance of following best practices so that everyone’s in the loop on who’s responsible for updating which systems, etc.

If you’re interested in hearing more about the discussion with Radware and our expert panelists, simply fill out the form at the top of the page. We’ll send you the full panel recording, as well as exclusive, bite-size video clips from the event.