Recent breaches suggest attackers are shifting beyond traditional endpoints to target application programming interfaces (APIs). But typical perimeter protections can completely miss this vector. “We used to talk about defense-in-depth and endpoint protection,” says Sean Murphy, CISO at BECU, a nationwide credit union. “That morphed into identity, and now the API is the new perimeter.” BECU’s backend architecture is heavily based on microservices and APIs, making this an important — and widening — surface to secure. “They’re your front door, and if you don’t know what the inventory of your APIs is, the attackers surely will find them.” With API-first development on the rise, API portfolios h...