Which vendors lead the API security solution market? With over 80 API protection solutions available, financial institutions can easily be confused about which solution to choose.

Hackers are continually looking for ways to exploit API vulnerabilities, of which there is no shortage. Since 1999, there have been over 3,600 vulnerabilities involving APIs. 2023 is shaping up to be a banner year, with 342 API vulnerabilities reported in the Common Vulnerability Enumeration database already as of April 2023. On the one hand, APIs give application development teams great power, but on the other, they introduce potentially significant vulnerabilities.

According to Datos Insights’ 2023 Cybersecurity Trends You Need to Know About report, API security is number two of the 10 top concerns of security teams. With over 80 API protection solutions available, financial institutions and insurance companies can easily be confused about which solutions best address their API threat landscape.

To help organizations wade through the marketing noise and product clutter, Datos-Insights recently completed an in-depth analysis of the API security solution market, including extensive voice of the customer research, on four stand-alone API security solutions used by over 240 organizations. This analysis, published in the new report Datos Insights Vendor Guide: API Security Solutions, serves as a buyer’s guide for organizations seeking a stand-alone API security solution.

Participants of this report represent startup and scaleup vendors that submitted their API security solutions to 100 points of evaluation scrutiny. The report also dives into the market history, size, investment, API threats, and standards. Web application and API protection solutions (WAAPs) are encroaching on distributed denial of service (DDoS), web application firewall (WAF), and bot defense solution markets—organizations would rather acquire an integrated solution that addresses all their web application and API security needs than acquire singular solutions.

Cequence and Salt Security achieved best-in-class in the 2023 Datos Insights Vendor Guide. Both API security solutions scored solidly across all four categories. Cequence (96.3%) edged out Salt Security (92.4%), mainly in the vendor stability category.

In addition to identifying these two vendors as leading the market, our team noted several key findings, including:

Modest market size, despite healthy compound annual growth rate (CAGR): The API security solution market size is projected to reach US$289 million in 2023. The market is estimated to grow at 24% CAGR, reaching nearly US$700 million in 2027, half the size of the WAAP solution market.

Managed API security solutions grow in popularity: Customers and prospects prefer solutions where the provider takes care of the heavy lifting of API protection. Many organizations lack API security expertise and access to API threat intelligence to protect APIs effectively. Customers, however, must recognize they still own the risk.

Solutions are pricey but offer substantial value: Stand-alone API security solutions are a six-figure decision for most organizations. Entry-level pricing can begin below US$100,000, but the annual recurring revenue (ARR) can quickly grow based on use and adoption. Despite the cost, customers are staunchly supportive of their investment and the value stand-alone API protection products provide.

To learn more about the products covered in this research, check out Cequence, FireTail, TeejLab Inc., and Salt Security. This report is part three of a four-part series on API security. To read the predecessor reports, API Security: Market Landscape, March 2023, and Web Application and API Protection (WAAP): Market Landscape and Product Deep Dive, July 2023. Contact me here to ask any API-related questions or share your API protection experiences.

About the author

Tari Schreider, C|CISO, CRISC, ITILf, and MCRP, is a Strategic Advisor at Datos Insights specializing in cybersecurity, information assurance, security program architecture, and maturity improvement. He lives in metropolitan Atlanta and brings more than 40 years of security, privacy, and recovery management to Datos Insights.

Tari is an author of top-rated cybersecurity architecture and law books and is a master instructor of chief information security officer (CISO) certification courses. He is a co-author of a U.S. patent titled Method for Analyzing Risk. He has designed security operations centers, was responsible for creating the first Information Sharing and Analysis Center in collaboration with the Information Technology Association of America (IT-ISCA), and has created complex cybersecurity programs in many industries and international locations. Tari is a member of the Writers Board for CISO MAG.

Prior to joining Datos Insights, Tari was a distinguished technologist and Chief Security Architect for Hewlett Packard Enterprise, Vice President of Global Operations for Internet Security Systems, Director of Security and Disaster Recovery Services for Sprint E-Solutions, and the Managing Partner of Contingency Planning Research.