When it comes to APIs used by connected vehicles, the security teams that oversee that connectivity simply lack the visibility and defense capabilities they need to protect the ever-growing risk from APIs and other application connections. Many believe that compliance with industry standards and a “shift-left, DevOps” approach are sufficient solutions to protect their APIs. The problem with these strategies is that they don’t have a way to “know the unknown”, meaning they aren’t able to look for all APIs, including legacy and shadow APIs, and API vulnerabilities without knowing where to look. Even if all APIs are discovered and “known”, attackers can still leverage seemingly legitimate traffic to gain control of a vehicle. Traditional approaches that use WAFs or API gateways depend on easily evadable detection, lack the real-time ability to discern good from bad API activity and are reliant on static, least common denominator protection spread across multiple technology components.