apidays London 2023 - APIs for Smarter Platforms and Business Processes
September 13 & 14, 2023
Advanced AI-powered API Security
Ricky Moorhouse, Cloud Architect at IBM API Connect
Filip Verloy, Field CTO at Noname Security
1. Advanced API Security
Filip Verloy
Field CTO, Noname Security
Ricky Moorhouse
Cloud Architect, API Connect, IBM
2. API Security is a superhuman problem.
It requires Machine Learning to solve.
15,564: Average number of Production Enterprise APIs
76% of organizations experienced a security breach in the past year
37 days per incident: 27 days for discovery, 10 days for remediation
Source: The 2022 API Security Trends Report (Whitepaper)
4. IBM API Connect powers
digital applications by unlocking
business data and assets as APIs
IBM API Connect
Socialize
Empower application developers to explore and
consume your APIs using branded self-service portals
Secure
Easily apply built-in and extensible policies
to secure, control and mediate the delivery
of APIs protecting data and business assets
Create
Automatically create APIs to expose data,
microservices, enterprise applications,
and SaaS services using open standards
Manage
Rapidly organize, publish and analyze any API
through the full lifecycle from design to retire
5. Gateway
IBM DataPower Gateway is an
industry leading, high security
gateway for modern, traditional
and hybrid cloud workloads
Secure
Easily apply built-in and extensible policies to secure
access to a full range of API, Mobile, Web, SOA, B2B, and
Cloud workloads at all stages.
Integrate
Combine modern event-based and API workloads with
traditional services with advanced protocol bridging and
message transformation support.
Control
Protect applications from over utilization with traffic control
and quota enforcements.
Optimize
Improve response times and throughput by controlling
message traffic with application caching and advanced
routing.
6. IBM DataPower
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
7. IBM DataPower
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
Record
ML Policy Decision Point
Rules
IP
Cookie
Header
Query
8. Augment IBM API Connect & DataPower
with Advanced API Security powered by Machine Learning
Discovery
Locate and inventory all of your
APIs regardless of configuration
Posture Management
Uncover vulnerabilities and
misconfigurations to speed
remediation and ensure
compliance
Runtime API Security
Detect and block API attacks
with real-time traffic analysis
powered by machine learning
Extend the already powerful enterprise-grade performance and security of API Connect and DataPower (API Gateway)
with new Discovery, Posture Management and runtime Behavioral Threat Detection, powered by Noname Security.
9. It is as easy as dropping a policy at the API assembly step
10. How it Works – High Level Architecture
[Diagram labels: API Consumers; Gateway; Noname Advanced API Security Policy; Protection Rules; Analytics Records; API definitions & Application Details; API Call Information; ML Policy Decision Point]
18. Learn more
01
Explore the
product
02
Explore the
partnership
03
Visit the IBM booth
Talk to an SME, see a demo,
or check out a 10-minute
SmartTalk
ibm.biz/api-security nonamesecurity.com/ibm
20. IBM DataPower
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
21. IBM DataPower
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Record
ML Policy Decision Point
Rules
IP
Cookie
Header
Query
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
23. IBM API Connect
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Runtime api information
API Definition(security, schema ..)
Application information (credential ..)
Provide a full life cycle API management solution
24. IBM API Connect
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Runtime api information
API Definition(security, schema ..)
Application information (credential ..)
Provide a full life cycle API management solution
ML Policy Decision Point
IP
Cookie
Header
Query
Record
Noname API Advanced
Security Policy
Noname API Advanced
Security Policy
Rules
27. Noname Security extends the capabilities of IBM DataPower and IBM API Connect to
enable organizations to provide advanced security of APIs throughout their lifecycle.
Find API security
issues faster
Intelligently identify and
prioritize potential
vulnerabilities. Remediate
manually, semi-
automatically or fully-
automatically.
Discover the
unmanaged
Catch vulnerabilities and
issues earlier, and prioritize
based on impact to reduce
remediation costs.
Ensure
compliance
Continuously monitor for
compliance with regulatory
requirements, industry
standards and internal
policies.
See through the
noise
Conduct real-time traffic
analysis with automated AI
and machine learning
detection, and use
automated remediation to
stop attacks in real time.
Intelligent asset management