How it Works
The solution applies AI models to continuously inspect and report on all API activity. It automatically detects anomalous API traffic behavior, recognizes and responds to attacks that usually fly under the radar, and targets API vulnerabilities without static policies, rules or code.
API attacks reported and blocked include:
- Credential stuffing attacks on login systems
- Layer 7 DDoS attacks that scrape data and disrupt API services
- Taking over accounts using stolen cookies, tokens or API keys
- Rogue insiders exfiltrating data in small amounts over extended periods of time
WSO2 API Manager’s API Gateway is the primary component that intercepts API requests and applies various types of policies. The solution enables users to connect with Ping API Security Enforcer (ASE) to check the validity of requests and responses and detect abnormal access patterns. It also builds a knowledge base that is used as a learning model.