The exponential increase in API adoption has made it a prime target for hackers who are hijacking tokens, cookies and keys, as well as targeting weaknesses in individual APIs. Because of the complexity of these attacks and the different access patterns and users of an API, static security controls alone cannot prevent a breach. That’s why we partnered with Ping Identity to protect APIs against cyber-attacks by combining the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs with the robust policy-based controls in the open source WSO2 API Manager.
WSO2 API Manager is a unique open source approach to addressing the full API lifecycle. It offers various static policy-based options for security and access control. These include:
PingIntelligence for APIs is the leading solution for AI-powered API cybersecurity. They help enterprises augment their static controls and extend their security capabilities with continuous, proactive API threat monitoring and detecting that automatically discovers anomalous API traffic behavior. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognize and respond to attacks which fly under the radar of foundational API security measures, and target API vulnerabilities—without policies, rules or code. These include:
WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE), which can be deployed in the WSO2 API Gateway. This means that WSO2 API Manager users can apply AI-based security analysis for their APIs along with static policy-based security controls. Meanwhile, PingIntelligence users can utilize AI-based analytics when they externally expose their services as APIs.
To learn more about how the extension works and what attacks it can detect, read WSO2 Associate Director and Architect Sanjeewa Malalgoda’s article or register for our webinar. Download the extension for WSO2 API Manager here.