Advanced API Security
Filip Verloy
Field CTO, Noname Security
Ricky Moorhouse
Cloud Architect, API Connect, IBM
API Security is a superhuman problem.
It requires Machine Learning to solve.
15,564: average number of production enterprise APIs
76% of organizations experienced a security breach in the past year
37 days per incident: 27 days for discovery, 10 days for remediation
Learn more: The 2022 API Security Trends Report (Whitepaper)
Security capabilities across the API lifecycle
[Diagram: API lifecycle and security policy. Labels: Development, Secure at Runtime, Analyze Behavior, Manage, Design, Test, Discover unmanaged, Control Access, Protect Endpt, Validate content, Limit rate, Detect, Notify, Mediate / Stop attack, Predict, Continuous Monitor]
© 2023 IBM Corporation
IBM API Connect powers
digital applications by unlocking
business data and assets as APIs
IBM API Connect
Socialize
Empower application developers to explore and
consume your APIs using branded self-service portals
Secure
Easily apply built-in and extensible policies
to secure, control and mediate the delivery
of APIs protecting data and business assets
Create
Automatically create APIs to expose data,
microservices, enterprise applications,
and SaaS services using open standards
Manage
Rapidly organize, publish and analyze any API
through the full lifecycle from design to retire
Gateway
IBM DataPower Gateway is an
industry leading, high security
gateway for modern, traditional
and hybrid cloud workloads
Secure
Easily apply built-in and extensible policies to secure
access to a full range of API, Mobile, Web, SOA, B2B, and
Cloud workloads at all stages.
Integrate
Combine modern event-based and API workloads with
traditional services with advanced protocol bridging and
message transformation support.
Control
Protect applications from over utilization with traffic control
and quota enforcements.
Optimize
Improve response times and throughput by controlling
message traffic with application caching and advanced
routing.
IBM DataPower
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
[Diagram labels: Record; ML Policy Decision Point; Rules (IP, Cookie, Header, Query)]
Detect and block API attacks
with real-time traffic analysis
powered by machine learning
Uncover vulnerabilities and
misconfigurations to speed
remediation and ensure
compliance
Runtime
API Security
Posture Management
Augment IBM API Connect & DataPower
with Advanced API Security powered by Machine Learning
Locate and inventory all of your
APIs regardless of configuration
Discovery
Extend API Connect and DataPower (API Gateway)’s already powerful enterprise-grade performance and security with new Discovery, Posture Management and runtime Behavioral Threat Detection, powered by Noname Security.
It is as easy as dropping a policy at the API assembly step
How it Works – High Level Architecture
[Diagram labels: API Consumers; Gateway; Noname Advanced API Security Policy; Protection; Rules; Analytics; Records; API definitions & Application Details; API Call Information; ML Policy Decision Point; OOTB OWASP TOP 10; Categorize Data (e.g. PII)]
Deployment - SaaS
[Diagram: SaaS Deployment]
OnPrem Deployment
[Diagram: OnPrem Deployment]
© Noname Security. All rights reserved
Noname Advanced API Security for IBM
Learn more
01 Explore the product
02 Explore the partnership
03 Visit the IBM booth: talk to an SME, see a demo, or check out a 10-minute SmartTalk
ibm.biz/api-security
nonamesecurity.com/ibm
Backup
IBM DataPower
[Diagram labels, in page order: Internet, Consumer, Mobile, Consumer, Cloud Apps & Services, Firewall / Load Balancer, Application, Application, System z, Mobile, Application, Server, Application; a second build of the slide adds Record, ML Policy Decision Point, Rules (IP, Cookie, Header, Query)]
Provide security, control, integration and optimized access to enterprise business process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it an excellent Policy Enforcement Point
IBM API Connect
[Diagram labels, in page order: Internet, Consumer, Mobile, Consumer, Cloud Apps & Services, Firewall / Load Balancer, Application, Application, System z, Mobile, Application, Server, Application; a second build of the slide adds ML Policy Decision Point, IP, Cookie, Header, Query, Record, Rules, Noname API Advanced Security Policy]
Runtime api information
API Definition (security, schema ..)
Application information (credential ..)
Provide a full life cycle API management solution
Noname Security extends the capabilities of IBM DataPower and IBM API Connect to enable organizations to provide advanced security of APIs throughout their lifecycle.
Find API security issues faster
Intelligently identify and prioritize potential vulnerabilities. Remediate manually, semi-automatically or fully-automatically.
Discover the unmanaged
Catch vulnerabilities and issues earlier, and prioritize based on impact to reduce remediation costs.
Ensure compliance
Continuously monitor for compliance with regulatory requirements, industry standards and internal policies.
See through the noise
Conduct real-time traffic analysis with automated AI and machine learning detection, and use automated remediation to stop attacks in real time.
Intelligent asset management

apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM) & Filip Verloy (Noname Security)
