PingIntelligence: Continuous API layer authentication

An Intellyx Brain Candy Brief

You may already know Ping Identity, certainly one of the pioneering firms in modern software access and identification techniques, but you may not have explored their recently acquired PingIntelligence for APIs solution (previously a company called Elastic Beam).

We live in an age where almost every company is seeking to open up its interactions with partners and customers, whether you are talking about APIs for new fintech startups to invoke open banking functions, or a CRM software vendor providing a library of APIs and documentation for developers to look up and pass account information. APIs are dominating cross-company and cross-platform integration.

You would figure this means APIs are inherently secure, right? Not so fast.

Openly publishing dozens, or hundreds, of APIs for your company, with well-defined documentation for any developer to hook up to, also provides clear instructions for potential attackers, not to mention the thousands of API and cryptographic keys leaking on GitHub every day. Hackers will attempt to exploit APIs to steal data without authorization, conduct an API takeover or shut down a system with traffic. API attacks are particularly insidious because they often appear to come from normal, authorized users, and they can lurk for months undetected by normal security methods.

“We spent years building a machine learning engine from scratch to model and understand what is normal behavior on your APIs,” said Tyler Reynolds, Technology Alliances Manager at Ping Intelligence. “Hackers are also using machine learning to perpetually change their attack behavior and every blocked attack seems to lead to a new one.”

Their software can build per-API behavioral models to provide deep visibility into API traffic and protection against the more advanced attacks, which can even come from authenticated users. It spots malicious behavior by continuously comparing API transactions to profiled normal human and business-to-business interactions, then blocking any anomalous behavior or reporting it to the API gateway, ITSM, security and IT operations tools.

© 2019 Intellyx, LLC. Intellyx publishes the bi-weekly Cortex newsletter, and advises business executives, IT leaders and enterprise software vendors on their digital transformation initiatives. At the time of writing, none of the vendors mentioned in this article are Intellyx customers.

 


Principal Analyst & CMO, Intellyx. Twitter: @bluefug