APIsecure 2023 - The world's first and only API security conference
March 14 & 15, 2023
The Importance of Real-Time Protection in API Security
Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jeremy Ventura (ThreatX)
1. THE IMPORTANCE OF REAL-TIME PROTECTION IN API SECURITY
Jeremy Ventura
Field CISO
2. AGENDA
The key challenges and risk associated with API Security
Case Studies from ThreatX
The importance of real-time blocking
3. APIS REPRESENT A TARGET RICH ENVIRONMENT
• Thousands of APIs and endpoints with limited visibility
• API vulnerabilities easily exposed and discoverable
• Attackers continually leverage advanced techniques against APIs
• Multi-mode attacks becoming the norm
Increased Usage = Increased Risk
4. APIS IN THE NEWS
• Entity had access from November to January to an API
• Data attained via API was done “without authorization”
• Name, Address, Email, Phone, DoB, Account #
• 37 million end users affected
• More info to come but:
  • Lack of visibility?
  • Misconfiguration/Misuse?
  • Broken business logic?
  • Stolen Credentials?
Incidents & Breaches on the Rise
5. COMPLEXITY & AUTOMATION OF ATTACKS IS EVER INCREASING
• Hacking is easier than ever
  • Industrialized hacking tools
  • Rent-a-bot/Solver Services
  • Attack-as-a-Service
  • Residential proxies, anonymizers
• Advanced attacks are far more coordinated
• Security tools do not keep up
Multi-mode attacks require a fundamental shift in protection strategies
[Graphic: Traditional OWASP Top 10 → Sophisticated, multi-mode attacks]
6. THE THREAT OF MULTI-VECTOR ATTACKS
• Orchestrated attacks that span varied phases & techniques
  • Distributed IPs
  • Massive volumes
  • Diversionary tactics
  • Embedded, multi-step automation
Disguise true attack through diversion, distraction & evasion
7. A WORD ABOUT BOTS
• Bot management critical, but must evolve with attacks
• Current approaches best suited for high volume, binary attacks
  • Heavy reliance on static threat intel feeds
• APIs present new challenges
  • No browser injections
  • No Captcha or IP challenges
• Attacker profiling & behavioral context critical for protection against multi-mode attacks
Bots present a new challenge to protecting APIs
8. TALES FROM THE THREATX SOC
• Large online retailer taking fire from multiple directions
  • Periodic mid-grade DDoS attacks
  • Increased login failure rates on web
  • High rate of rebate fraud
• Goal: trigger BGP routing to bypass fraud protection for mobile APIs while the security team is distracted
• Multiple best-of-breed technologies fail to identify & block attacks
Attackers deploy multiple techniques to distract security & target APIs
9. TALES FROM THE THREATX SOC
• Gaming company launching new product
• Attacker engaged foreign botnet to discover potentially vulnerable API endpoints
• Later, during the product launch, the attacker deployed a large ATO attack while quietly attempting vulnerability exploits
• Although the attacker rotated IPs and user agents, TLS signatures & IP fingerprints identified the same attacker profile, so all suspicious behavior could be blocked
Tracking & correlating attacker behavior to enable real-time protection
10. PROTECTING APIS STARTS WITH FOCUS ON THE ATTACKER
• Understanding attacker risk profile
  • Digital fingerprints to each unique attacker
  • Cumulative across multiple attack vectors
  • Continually evaluate risk & response
• Behavioral fingerprints of an attack reveal patterns, techniques & targets
Context of attack over time is key to protecting APIs
11. INSIGHT & CONTEXT THROUGH CROSS PLATFORM VISIBILITY
• Identify unique attacker executing campaigns across multiple methods and vectors
• Correlate data over time to see through deception
• Understanding behaviors and intentions
• Biggest challenge = enabling effective response
Correlating attack patterns to identify and mitigate API risk
12. BLOCKING API ATTACKS IN REAL TIME
• Observing attack data offline will not enable real-time protection of APIs
• Often too late by the time an attack is discovered
• Complexity required to identify attacks typically can't be replicated in a 3rd party firewall
  • Blocking a single IP at a time
• Responses must occur as the attack is underway, and be based on insights gathered over time
Real-time API protection key to defense
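The pattern slides 9, 10 and 12 describe, as a constructed Python example added here (not ThreatX's code or any product's logic): one TLS client fingerprint ties rotating source IPs and user agents to a single attacker profile, risk accumulates across vectors over time, and the block decision is made inline per request instead of offline. The risk weights, threshold, fingerprint values, IPs, paths and payload marker are all assumptions made up for the demo.

```python
from collections import defaultdict

# Constructed risk weights per observed vector (an assumption, not ThreatX's model).
RISK_WEIGHTS = {"login_failure": 5, "endpoint_scan": 8, "exploit_attempt": 25}
BLOCK_THRESHOLD = 40  # cumulative score at which the profile is blocked inline

class AttackerProfile:
    """Cumulative risk for one attacker: score, every source IP and vector seen."""
    def __init__(self):
        self.score, self.ips, self.vectors = 0, set(), set()

class ApiDefender:
    """Keys requests by TLS client fingerprint (e.g. a JA3-style hash), so rotating IPs/UAs map to one profile."""
    def __init__(self):
        self.profiles = defaultdict(AttackerProfile)

    @staticmethod
    def classify(req):
        """Return the attack vector one request evidences, or None if benign."""
        if req["path"] == "/api/login" and req["status"] == 401:
            return "login_failure"      # credential stuffing / ATO signal
        if req["status"] == 404 and req["path"].startswith("/api/"):
            return "endpoint_scan"      # probing for undocumented endpoints
        if "' or 1=1" in req.get("body", "").lower():
            return "exploit_attempt"    # quiet exploit attempt behind the noise
        return None

    def handle(self, req):
        """Inline decision: 'block' once cumulative risk crosses the threshold."""
        profile = self.profiles[req["tls_fp"]]
        profile.ips.add(req["ip"])
        vector = self.classify(req)
        if vector:
            profile.vectors.add(vector)
            profile.score += RISK_WEIGHTS[vector]
        return "block" if profile.score >= BLOCK_THRESHOLD else "allow"

# Constructed traffic: one attacker rotating IPs behind a fixed TLS fingerprint.
ATTACK = [{"tls_fp": "fp-A", "ip": f"198.51.100.{i}", "path": "/api/login", "status": 401}
          for i in range(1, 5)]                                          # 4 x 5 = 20
ATTACK += [{"tls_fp": "fp-A", "ip": f"198.51.100.{i}", "path": p, "status": 404}
           for i, p in ((9, "/api/v0/debug"), (10, "/api/v1/admin"))]    # 2 x 8 = 16 -> 36
ATTACK.append({"tls_fp": "fp-A", "ip": "203.0.113.5", "path": "/api/search",
               "status": 200, "body": "q=' OR 1=1--"})                    # +25 -> 61: block
LEGIT = {"tls_fp": "fp-B", "ip": "192.0.2.7", "path": "/api/login", "status": 401}

def run_demo():
    """Attacker decisions, the legit user's decision, and the attacker profile (all rotated IPs correlated)."""
    d = ApiDefender()
    return [d.handle(r) for r in ATTACK], d.handle(LEGIT), d.profiles["fp-A"]
```

Note that no single IP in the constructed traffic ever exceeds the threshold on its own; only the fingerprint-keyed cumulative score does, which is the point slide 12 makes about per-IP blocking.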
13. API PROTECTION: KEY CAPABILITIES
Real-time Analysis & Response
• AI/ML/Context Engine
• IP Interrogation & Fingerprinting
• Active Deception
• Tarpit/Rate Limiting
• Attacker/User Behavior Analysis
• Data Flow Analysis & Enforcement
• Real-time Blocking
API Discovery & Analysis
• API Discovery
• API Specification Mgt
• Endpoint Usage Analysis
• Endpoint Attack Metrics
• Endpoint Risk Scoring
Fully Integrated Attack Prevention
• API Protection
• Web App Protection
• DDoS Protection
• Bot Mgt & Mitigation
• Fraud Protection
Flexible Deployment Options
• Inline / Agentless
• Inline / Agent-based
• Out-of-Band / Agentless
• Hosted, Cloud, On-Premise
Managed Services
• Managed Cloud Platform
• Managed Threat Analysis
• Managed Policy Enforcement
• Managed Attack Response
• APIs are under siege by mixed-mode, high volume attacks, including bots and DDoS
• API observability does not equal real-time protection
• API protection must deliver active, real-time attack blocking
• API protection should have the ability to extend to the broader application portfolio
Can't block? Then you're not protecting APIs.