ThreatX has unveiled new sensitive data exposure capabilities for APIs that help security teams detect and visualize API transactions that contain sensitive user information (e.g., personally identifiable information) and authentication data. This will help boost the security of high-risk APIs, prevent data breaches, and meet compliance for privacy regulations such as Payment Card Industry (PCI) Data Security Standards (DSS) and the European Union General Data Protection Regulation (GDPR).
ThreatX’s sensitive data exposure capability is fully integrated within its API catalog 2.0. ThreatX’s API catalog provides a comprehensive solution for security teams to protect their APIs and sensitive API transactions, and investigate the threats targeting them.
ThreatX’s sensitive data exposure capabilities detect and visualize APIs that are most at risk of being targeted in an attack due to the sensitive data they contain. This helps organizations adhere to privacy regulations like PCI DSS and GDPR by identifying and monitoring API traffic containing personal information, payment card data, and authentication information that would expose the risk of unauthorized access to systems.
The risk of sensitive data loss is significant and can have serious consequences, such as identity theft, financial losses, damage to a brand’s reputation, and legal and regulatory fines. According to IBM’s 2023 Cost of Data Breach Report, nearly 40% of data breaches studied resulted in the loss of data across multiple environments including public cloud, private cloud, and on-prem—showing that attackers were able to compromise multiple environments while avoiding detection. The report found that data breaches that impacted multiple environments also led to higher breach costs ($4.75 million on average).
“The new sensitive data exposure capabilities will be an important tool for customers, particularly in the context of addressing key compliance requirements,” said Bret Settle, Chief Product Officer at ThreatX. “With this release, we continue our commitment to delivering a comprehensive solution for security teams to protect their APIs and sensitive API transactions, and investigate the threats targeting them.”