Richard Bird
Podcast Appearances
you have to look at the reality of a next-gen set of capabilities because the first and second gen have shown themselves incapable of being able to apply the necessary level of granularity and context to achieve API security. So the first is admitting you have a problem.
The second, truthfully, from a pure outcomes standpoint, evaluate your current tool base and recognize that in every API security breach of the last decade, six years, every one of those organizations had a web application firewall or CDN in place. So why did they get breached if those technologies are now telling them we could have stopped that or we can stop that?
And then the next step is to move into where API security is actually happening today from a startup and solution standpoint, which is in the API security platform space, and recognize that this is a holistic effort, not a point solution. It's not enough to know all the APIs that you have. You need to understand the risk and criticality of those APIs.
It's not enough to test those APIs, say, on the AST DevOps side of the equation. You need to be able to address the current vulnerabilities and risk associated with the APIs that have been in production in your organization for years. Threatened vulnerability management. It's not enough to understand signature attacks from a tooling standpoint.
You have to have a platform that has the capability to divine and understand unknown unknowns because it's comparing known normal of an API, what that spec is, to how that API is being abused and used for bad purposes.
And unless you understand the delta between those two, then you're always going to be relying on somebody giving you vulnerabilities in the old kind of semantic AVG way of giving you a subscription list, as opposed to finding those exploits and vulnerabilities without having to sign up for all of that research feed. And then I think finally, you have to look at an API security tool
from the standpoint of what will come next, which is a move into runtime protection, where a signal will be taken off of that intelligent engine that's comparing normal to abnormal. And then that signal will be passed to an application to a microservice