From Rule- to Machine Learning-Based Security
Many enterprises have responded by implementing the aforementioned API management solutions that provide mechanisms such as authentication, authorization and throttling. These are long-standing must-haves for controlling who accesses APIs across the application ecosystem—and how often.
However, organizations also need to address the growth of more sophisticated attacks on APIs by complementing these “point” solutions with machine learning-driven security.
Rule-based and policy-based security checks, which can be performed in a static or dynamic manner, are mandatory parts of any API management solution. API gateways serve as the main entry point for API access and therefore typically handle policy enforcement by inspecting incoming requests against policies and rules related to security, rate limits, throttling, etc.
These policy-based approaches around authentication, authorization, rate limiting and throttling are effective tools, but they still leave vulnerabilities through which hackers can exploit APIs. Notably, API gateways front multiple web services, and the APIs they manage are frequently loaded with high numbers of sessions, making it difficult for a gateway to inspect every request.
Moreover, SAST and DAST testing solutions, while effective at evaluating source code and testing application functionality for security vulnerabilities, only provide reactive insight into API and application vulnerabilities; they do not provide proactive, automated protection.
Machine learning-based application security solutions are adaptive, automatically detecting and responding to dynamic attacks and application/API vulnerabilities. First and foremost, they should automatically detect and protect new web applications as they are added to the network via automatic policy generation.
In addition, machine learning can eliminate API abuse such as token manipulations, parameter tampering, protocol attacks, invalid schemas and more. An enterprise-grade firewall should import, enumerate and catalog APIs to enforce standards and schemas using behavioral protections and positive security.
Here are seven warning signs your applications/APIs are vulnerable:
- Using non-defined/non-allowed HTTP methods for an API endpoint
- Embedding web attacks in JSON payloads or parameters
- Excessively utilizing the APIs
- Attempting to break the API authentication process through an account takeover attack
- Sending requests that do not conform to the JSON/XML schemas
- An API key rotation or a successful login from an unusual source
- Extremely high application usage from a single IP address or API token
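The gateway-style policy checks described earlier and several of the warning signs listed above can be expressed as straightforward rules over API access records. The following added example (not code from the original page) does that for a constructed sample log; the endpoint allow-list, schema, thresholds and attack-string patterns are assumptions chosen for illustration.

```python
import json, re
from collections import Counter
# Added example (not from the page): rule-based checks for several warning signs
# listed above, run over constructed API access records. Policy values are assumptions.
ALLOWED_METHODS = {"/api/v1/orders": {"GET", "POST"}, "/api/v1/login": {"POST"}}
SCHEMA = {"/api/v1/orders": {"item": str, "qty": int}}  # required field -> type
ATTACK_PATTERN = re.compile(r"<script|'\s*or\s+1=1|union\s+select|\.\./", re.I)
RATE_LIMIT = 3        # requests per token in the observed window
LOGIN_FAIL_LIMIT = 3  # failed logins per source IP

SAMPLE_LOG = [  # constructed records: (token, ip, method, path, status, body)
    ("tokA", "10.0.0.1", "POST", "/api/v1/orders", 201, '{"item": "widget", "qty": 2}'),
    ("tokB", "10.0.0.2", "DELETE", "/api/v1/orders", 405, None),
    ("tokA", "10.0.0.1", "POST", "/api/v1/orders", 201, '{"item": "<script>alert(1)</script>", "qty": 1}'),
    ("tokC", "10.0.0.3", "POST", "/api/v1/orders", 400, '{"item": "widget", "qty": "two"}'),
] + [("tokD", "10.0.0.4", "GET", "/api/v1/orders", 200, None)] * 4 \
  + [("-", "10.0.0.5", "POST", "/api/v1/login", 401, '{"user": "bob", "pw": "x"}')] * 3

def check_request(method, path, body):
    """Per-request checks: method allow-list, JSON schema, embedded attack strings."""
    flags = []
    if method not in ALLOWED_METHODS.get(path, set()):
        flags.append("non_allowed_method")
    if body is not None:
        try:
            data = json.loads(body)
        except ValueError:
            data = None
        if not isinstance(data, dict) or any(
                not isinstance(data.get(k), t) for k, t in SCHEMA.get(path, {}).items()):
            flags.append("schema_violation")
        if ATTACK_PATTERN.search(body):
            flags.append("embedded_web_attack")
    return flags

def analyze(log):
    """Combine per-request flags with per-token and per-IP behavioural counts."""
    findings = {"requests": []}
    per_token, failed_logins = Counter(), Counter()
    for token, ip, method, path, status, body in log:
        flags = check_request(method, path, body)
        if flags:
            findings["requests"].append((token, method, path, flags))
        per_token[token] += 1
        if path == "/api/v1/login" and status == 401:
            failed_logins[ip] += 1
    findings["excessive_tokens"] = {t for t, n in per_token.items() if n > RATE_LIMIT}
    findings["brute_force_ips"] = {ip for ip, n in failed_logins.items() if n >= LOGIN_FAIL_LIMIT}
    return findings
```

Running `analyze(SAMPLE_LOG)` flags the disallowed DELETE, the script tag inside a JSON value, the schema mismatch, the token exceeding the rate limit and the source IP with repeated failed logins; the per-token and per-IP counts are the kind of behavioural signal the text says a learned baseline would replace with adaptive thresholds.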