
Announcing API Threat Detection: Complete Application-Layer Coverage Across Cloud and Hybrid Environments

Blog post from Stream.Security

Post Details
Author: Stream Team
Word Count: 981
Language: English
Summary

The Stream platform has introduced a new API log collection capability, enhancing security teams' ability to monitor application-layer activity across cloud and hybrid environments. This feature addresses the increasing vulnerability of the API layer, which is often under-monitored, by providing comprehensive visibility from load balancers to kernel sockets, especially for AI workloads. The platform offers two methods for collecting API telemetry: kernel-level interception via the Stream eBPF sensor and direct log ingestion from cloud providers like AWS, GCP, and Azure. Both methods integrate into the CloudTwin model, which enriches events with identity context and resource relationships. This allows for detailed payload visibility, enabling security teams to understand data exchanges, system instructions, and responses within AI workloads, enhancing threat detection capabilities. Stream's detection engine runs over every collected event, applying signature-based rules, anomaly detection, and IOC matching to identify potential threats. The platform ensures consistent API visibility across various infrastructures, supporting Kubernetes, VMs, and hybrid environments, while leveraging the CloudTwin model for a unified detection surface. This addition gives security teams a strategic advantage by transforming their intimate knowledge of their environment into a robust defense mechanism against cloud-based threats.