AI-driven Security for
APIs are critical for any enterprise. But because of their widespread adoption, they are an attractive target for hackers and malicious users. Today’s sophisticated attacks can no longer be prevented by access control and rate limiting policies alone.
We partnered up with Ping to bring you the next-gen API security solution that leverages unsupervised machine learning and artificial intelligence (AI).
Why We Need a Refresh on API Security
Modern security teams need to detect and respond to dynamic attacks and the unique vulnerabilities of each API. Because each API has its own access patterns and users, it’s hard to detect a specific pattern by analyzing large volumes of data manually or by using static policies.
That’s why we need to augment API security with AI. WSO2 API Manager users can now apply AI-based security analysis for their APIs in addition to static rule-based security controls.
How it Works
The solution applies AI models to continuously inspect and report on all API activity. It automatically detects anomalous API traffic behavior, recognizes and responds to attacks that usually fly under the radar, and targets API vulnerabilities without static policies, rules or code.
API attacks reported and blocked include:
- Credential stuffing attacks on login systems
- Layer 7 DDoS attacks that scrape data and disrupt API services
- Taking over accounts using stolen cookies, tokens or API keys
- Rogue insiders exfiltrating data in small amounts over extended periods of time
WSO2 API Manager’s API Gateway is the primary component that intercepts API requests and applies various types of policies. The solution enables users to connect with Ping API Security Enforcer (ASE) to check the validity of requests and responses and detect abnormal access patterns. It also builds a knowledge base that is used as a learning model.
WSO2 API Manager is a unique open approach to full lifecycle API development, integration and management. As part of the larger WSO2 Integration Agile Platform, it is a central component used to deploy and manage API-driven ecosystems. Its hybrid integration capabilities further simplify projects that span traditional as well as microservice environments. And unlike other API and lifecycle management products, it is fully open source, allowing for extensibility and customization.
PingIntelligence for APIs represents one of the first solutions helping enterprises move away from static, policy-driven security models to continuous, proactive API threat monitoring and detection. As this trend picks up speed, companies will find that AI and machine learning complement and extend security capabilities that they’re already invested in, such as authentication/authorization solutions and API management/gateway solutions.