
Richard Bird

👤 Person
150 total appearances

Podcast Appearances

Code Story: Insights from Startup Tech Leaders
The Haunted House of APIs - The Haunted Web of APIs with Richard Bird

Those creepy crawlers are definitely the APIs that are engineered to exchange information without a tremendous amount of oversight. And this is really interesting because I think we're in a time right now where so much of the attention is being put on catalog and discovery, on creating an inventory or directory of all the APIs that we're exposed to.

That focus tends to orient people towards their old line technology providers where they go, oh, I've got a CDN. I've got a web application firewall. And they should know because all the APIs go over those channels. The estimate is somewhere around 30% of your API traffic in any large enterprise actually goes through those connectivity points. So now you've got 70% that you can't see.

There's your creepy crawlers. You've got 70% that are interacting with each other across these applications and are also finding or being built with pathways out of your organization that either bypass or just functionally ignore those web application firewall tools and those CDN tools. Now you've got this really interesting space where you don't know exactly what the API is doing.

You don't know exactly what it's supposed to be doing. You definitely don't understand how it's currently behaving. And in the meantime, information, revenue, reputation are leaking out of whatever access pathway that API is being directed to to push things out externally or receive things internally.

So the creepy crawlers are really all the things that you don't know about in your environment that are associated with APIs that are not in any kind of channel where you can see them.

There's two very precise ones that have received a lot of publicity. First of all, they result in tens of millions of customer records being lost. One is a very large, one of the largest mobile carriers in the world. And the other was a healthcare services organization.

And in both of those cases, I think this is such a powerful example of why so many people in the survey that we presented said their current technology is so ineffective in finding these API exploits. The reason that these particular breaches were successful was because at some point an API was taken out of production, an API that was already resident.
