Today’s enterprises are changing their relationships with data and applications in a hurry. Eager to realize the organization-wide benefits of API-driven access, executives are providing broad financial support to build infrastructure that delivers on the promises of the API economy. These investments enable modern organizations to leave behind their legacies of managing data and applications in silos and begin a new chapter where every resource can be accessed by anyone at any time, without the need to build custom integrations for each and every new corporate initiative.
Few, however, are taking a standardized approach across their organizations to ensure the security of data and other digital resources exposed via APIs. This has resulted in a number of highly publicized breaches and will undoubtedly be the cause of future incidents for many as the API attack surface continues to expand and a new generation of threats emerges.
Digital businesses must arm themselves with the tools necessary to win these battles. One critical weapon: a comprehensive approach to APIs that protects against a range of common and advanced cyber attacks.
Digital Business Is Built on APIs AND a Secure API Infrastructure
Early adopters of APIs were the first beneficiaries of eased integrations, reusable architecture and faster application delivery. They were also the first faced with questions such as:
How can I provide different levels of access and permissions for using my API?
How can I ensure that only a certain amount of data can be accessed by certain clients?
How can I protect my APIs against critical security risks (e.g., the OWASP Top 10)?
Full LifeCycle API Management providers like Axway have been at the forefront of answering these questions and guiding enterprises through successful business-unit and organization-wide API deployments for over a decade. With capabilities to build, govern, secure, publish, promote and analyze the performance of APIs, Axway’s AMPLIFY Platform was designed to help enterprises innovate faster, and also more securely. All of these capabilities ensure that Axway customers can rapidly deliver new APIs with the confidence that security best practices have been followed.
But hackers are getting smarter, and today’s API security must extend beyond both traditional application security best practices and access control. Ping and Axway’s joint solution delivers a new, comprehensive approach to securing your API infrastructures against the emerging cyber attacks that target them.
Foundational API Security from Axway
Axway’s AMPLIFY platform ensures that APIs are protected against common threat vectors. To provide broad coverage for all APIs, it offers optimal flexibility and granularity of security policies, which can be applied globally or at the business or technical API level. Some of these protections include:
Access Control
Enterprises leverage a diverse range of authentication sources, user stores, web access management systems, token providers and more. This is why Axway supports over 30 ways to authenticate and authorize users to ensure access can be managed for any API, including the ability to use standards-based methods like OAuth.
Rate Limiting
Enforcing quotas is common for those with multiple API usage plans. Usage aside, rate limiting enables you to limit the number of requests that pass through an API Gateway in a specified time period to protect against denial of service (DoS) attacks. With Axway, you can enforce a specified message quota or rate limit on an application to protect a back-end service from message flooding.
Network Privacy
Transport security is necessary to protect the security of an API payload in transit. Axway ensures the integrity of a payload with the ability to detect unauthorized modifications. Additionally, confidentiality is protected with transport and message-level encryption to create a secure connection between all product components.
Advanced API Security from Ping Identity
PingIntelligence for APIs adds a layer of cyber security which goes beyond foundational protections to fill the gaps in API security programs. Using artificial intelligence (AI), it detects anomalous behavior on APIs, as well as the data and applications exposed via APIs. Key protections include:
Attack Detection and Automated Blocking
PingIntelligence for APIs uses AI-based API behavioral analytics to recognize and automatically block pre- and post-login attacks, including:
Attempts to bypass login systems using botnet credential stuffing, brute force methods, or stolen credentials, such as tokens and cookies.
Attacks that attempt to take over accounts to steal, modify or delete data such as credit card information, social security numbers and health records.
Threats that target specific API vulnerabilities with DoS or DDoS attacks that stay below rate-limiting barriers to disable an API or damage the user experience.
Attacks on session management components.
Threats that attempt to remote control applications or take over systems.
Once detected, an attack is immediately reported and automatically blocked. When integrated with Axway’s platform, the attack information is shared amongst all AMPLIFY instances in a cluster to prevent a bad actor from reconnecting via another channel.
API Deception
Decoy APIs (honeypots) can be created to instantly reveal hacking activity. Since decoy APIs would never be accessed by legitimate clients and applications, API deception immediately recognizes an attack and prevents any access to production APIs.
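The decoy behaviour described above, shown next to a plain rate limit, as an added example (not code from Axway or Ping Identity): a client that paces itself under the limit passes the rate check but is blocked the moment it touches a decoy route, and the block is visible to any node sharing the blocklist. The route names, client ids, limit values and traffic tuples are constructed assumptions.

```python
from collections import defaultdict, deque

DECOY_PATHS = {"/api/v1/internal/export"}   # hypothetical decoy route, never published
RATE_LIMIT = 5          # max requests per client per window (assumed policy)
WINDOW_SECONDS = 60

# Constructed sample traffic: (epoch seconds, client id, request path)
EVENTS = (
    [(t, "app-mobile", "/api/v1/orders") for t in (0, 30, 60, 90)]
    + [(100 + i, "burst-client", "/api/v1/orders") for i in range(8)]  # 8 requests in 8 s
    + [(200, "slow-client", "/api/v1/orders"),        # one request every 20 s
       (220, "slow-client", "/api/v1/users"),
       (240, "slow-client", "/api/v1/internal/export"),   # touches the decoy
       (260, "slow-client", "/api/v1/orders")]
)

def evaluate(events, blocklist=None):
    """Return (client, path, decision) per request, in time order."""
    blocklist = set() if blocklist is None else blocklist   # shared by all gateway nodes
    recent = defaultdict(deque)     # client -> timestamps inside the sliding window
    decisions = []
    for ts, client, path in sorted(events):
        if client in blocklist:
            decision = "blocked"
        elif path in DECOY_PATHS:
            blocklist.add(client)   # a decoy hit blocks the client from then on
            decision = "decoy_hit"
        else:
            window = recent[client]
            while window and ts - window[0] >= WINDOW_SECONDS:
                window.popleft()
            if len(window) >= RATE_LIMIT:
                decision = "rate_limited"
            else:
                window.append(ts)
                decision = "allow"
        decisions.append((client, path, decision))
    return decisions

def summarize(decisions):
    """Count decisions per client, e.g. {'slow-client': {'allow': 2, ...}}."""
    summary = defaultdict(lambda: defaultdict(int))
    for client, _path, decision in decisions:
        summary[client][decision] += 1
    return {c: dict(d) for c, d in summary.items()}

if __name__ == "__main__":
    for client, counts in summarize(evaluate(EVENTS)).items():
        print(client, counts)
```

Passing the same `blocklist` set to a second `evaluate` call stands in for attack information shared between gateway instances.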
Deep Visibility and Reporting
Detailed audit trails of all API activity, including every method (command) used throughout a session, are available for compliance, forensic and DevOps monitoring and reporting. Built-in dashboards deliver a graphical view of your API infrastructure’s security posture, including attack information, anomalies and metrics to help operations track and respond to threats.
With Axway and Ping together, your APIs will benefit from protection against a range of common and advanced cyber attacks. Listen to our webinar replay to learn about the evolving API threat landscape, and how you can easily augment the security layer provided by Axway’s AMPLIFY API Management with an intelligent AI-based API cybersecurity solution from Ping Identity.