Data-driven Security: Protect APIs from Adaptive Threats
Transcript of Data-driven Security: Protect APIs from Adaptive Threats
1
Data-Driven Security – Protect APIs from Adaptive ThreatsSubra
Kumaraswamy, Apigee
2©2015 Apigee. All Rights Reserved.
Agenda
1. Adaptive Threat Challenges
2. Why Data-Driven Security
3. Apigee’s Aproach
4. Key Takeaways
Adaptive Threats
Source: Incapsula
DoS/SpamPrice Scrappers
Attack API VulnerabilitiesPollute Analytics
Loyalty Program Abuse
Current layers of security are not adaptive
4
Rules BasedNot Agile Friendly
Address Web VulnsNo Biz logic visibilityCompliance Driven
WAF Security
IP CentricRules Based
No API Context Weak Blocking
CDN Security
5
We need a new approach…
Apigee Sense : Protecting from adaptive threats
6
• A new adaptive API security product to prevent sophisticated bot attacks
• Detects threat patterns at the API layer, including bot attacks
• Enables you to take actions on bots you find
Apigee Sense
7
E
Data Warehouse
CRM, ERP, etc.
SOA
Database
Analyze billions of events
Apigee SenseData Driven Security
Machine learning algorithms
Detect Anomalous Behavior Patters
Hacker
Bot Bot
Hacker
Bot Attack Stopped
Legitimate Traffic
Adaptive Threats
• Content Scraping
• Information Theft
• Denial of Service
Bot signatures
Apigee Sense Advantage - Deep Behavioral Analysis • Sophisticated rules and learning algorithms that compute
a risk score. Models look at anomalous behavior patterns, activity bursts, geo patterns, device fingerprinting, etc.
• Analyze billions of API calls across customers. Include purchased external IP reputation data.
• Focus on the anomalies using baseline traffic behavior
• Enable variable enforcement based on risk score (0-100)8
Bad Bot Patterns
9
Content Stealer
Spiker/DoS Credentia
l Stuffer
Guessor
Price Scraper Storm
AttackerSpear
Attacker
Vulnerability Scanner
• Shield your APIs from Bots and adaptive threats Save valuable system resources and from abusive
Bots. Reduce Analytics pollution due to Bot activities. Protect your proprietary content (images, pricing, etc)
and intellectual property from scrapping Bots. Gain visibility to API Key breaches to take immediate
action to limit damage.• Get started today!• No setup or additional configuration required• Register at https://pages.apigee.com/Apigee-Sense-product-
reg.html
Use Apigee Sense to:
10
Thank You