WSO2 and Ping Identity Partner to Provide Comprehensive, AI-Powered Cyber-Attack Protection for APIs

New open source extension integrates the AI-powered cybersecurity of PingIntelligence for APIs with the robust, policy-based security controls in WSO2 API Manager

Mountain View, CA and Denver, CO – June 10, 2019 – The proliferation of APIs catalyzed by digital transformation initiatives is viewed as a virtual goldmine by hackers, who are hijacking tokens, cookies and keys, as well as targeting weaknesses in individual APIs. And all too often, static security controls fail to stop these attacks. Now, WSO2 and Ping Identity have partnered to protect APIs against cyber-attacks by combining the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs with the robust policy-based controls in the open source WSO2 API Manager.

Through the partnership, WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE) module, which can be deployed in the WSO2 API Gateway. As a result, WSO2 API Manager users can apply AI-based security analysis and threat blocking to their APIs along with static policy-based security controls.

Additionally, WSO2 and Ping Identity will co-host a webinar to discuss how enterprises can protect their API infrastructure from advanced attacks by leveraging the power of machine learning and AI in conjunction with API management. The event will be held on June 20, 2019 at 10:00 a.m. Pacific Daylight Time. To learn more and register, visit https://wso2.com/library/webinars/2019/06/protecting-api-infrastructures-an-ai-powered-solution-from-ping-identity-and-wso2.

AI-Driven Security for API Management

“By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications,” observes Gartner in the report, How to Build an Effective API Security Strategy1. The report2 further notes that, “A security strategy that manages access and protects systems from attack while still engaging digital ecosystems is essential to any API program.”

WSO2 API Manager, part of the WSO2 Integration Agile Platform, is the leading open source software for full API lifecycle management, monetization, and policy enforcement. Designed for deployment on-premises, in the cloud, as a managed cloud service, or in hybrid environments, WSO2 API Manager offers several policy-based options for security and access control. These include OAuth 2.0 authentication and authorization, API policy creation and enforcement, request and response validation, rate limiting, and the ability to set quotas, among others.

PingIntelligence for APIs is a leading solution for AI-powered API cybersecurity. By applying AI models to continuously inspect and report on all API activity, it automatically discovers anomalous API activity and threats across API infrastructures. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognize and stop emerging new threats that breach APIs while flying under the radar of foundational API security measures. The solution requires no policies or rules to be written, and it can recognize new and changing attacks.

Through the integrated functionality of PingIntelligence and WSO2 API Manager, organizations now have a complete solution for managing and protecting the APIs that drive their business. Examples of API attacks that can be reported and blocked using the integrated solution include attacks that use a valid user account to reverse engineer the API and breach other accounts to steal data—while looking like a normal user. Others include attacks that use stolen token, cookies, or API keys; attacks on login systems; remote application control; botnets scraping data; data exfiltration; API-specific denial of service/distributed denial of service (DoS/DDoS) attacks, as well as an array of attacks coming from authenticated users. To learn more and download the extension, visit https://wso2.com/ai-driven-security-enforcement-for-api-management.

“Ping Identity’s alliance with WSO2 extends our commitment to expanding our API security ecosystem,” said Bernard Harguindeguy, CTO, Ping Identity. “The advanced API security we deliver via PingIntelligence for APIs’ machine learning and artificial intelligence provides a strong complement to WSO2 API Manager in supporting the cybersecurity needs of today’s API-driven enterprises.”

“As more organizations implement internal and external API strategies to drive their digital transformation, APIs are becoming attractive targets for hackers,” said Paul Fremantle, WSO2 co-founder and CTO. “By integrating the extensive API management and control functionality of WSO2 API Manager with the AI-powered security of PingIntelligence for APIs, we can ensure that enterprises are well-equipped to detect and block attacks on their APIs—whether on-premises, across devices, or in the cloud.”

1Gartner, “How to Build an Effective API Security Strategy,” by Mark O'Neill, Dionisio Zumerle, Jeremy D'Hoinne, December 8, 2017.

2Gartner, “How to Build an Effective API Security Strategy” December 8, 2017.

About Ping Identity

Ping Identity envisions a digital world powered by intelligent identity. We help enterprises achieve Zero Trust identity-defined security and more personalized, streamlined user experiences. The Ping Intelligent Identity Platform provides customers, employees and partners with access to cloud, mobile, SaaS and on-premises applications and APIs, while also managing identity and profile data at scale. Over half of the Fortune 100 choose us for our identity expertise, open standards leadership, and partnership with companies including Microsoft, Amazon, and Google. We provide flexible options to extend hybrid IT environments and accelerate digital business initiatives with multi-factor authentication, single sign-on, access management, intelligent API security, directory, and data governance capabilities.

About WSO2

WSO2 is the world’s #1 open source integration vendor, helping digital-driven organizations become integration agile. Customers choose us for our broad integrated platform, approach to open source, and agile transformation methodology. The company’s hybrid platform for developing, reusing, running and managing integrations prevents lock-in through open source software that runs on-premises or in the cloud. Today, hundreds of leading brands and thousands of global projects execute 6 trillion transactions annually using WSO2 integration technologies. Visit https://wso2.com to learn more.

Trademarks and registered trademarks are the properties of their respective owners.