apidays LIVE London 2021 - Application to API Security, drivers to the Shift by Doron Chema, L7 Defense LTD.
•
0 likes•205 views
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset October 27 & 28, 2021 API Architecture and Security Application to API Security, drivers to the Shift Doron Chema, CEO & Co-Founder at L7 Defense LTD.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to apidays LIVE London 2021 - Application to API Security, drivers to the Shift by Doron Chema, L7 Defense LTD.
Similar to apidays LIVE London 2021 - Application to API Security, drivers to the Shift by Doron Chema, L7 Defense LTD. (20)
More from apidays
More from apidays (20)
Recently uploaded
Recently uploaded (20)
apidays LIVE London 2021 - Application to API Security, drivers to the Shift by Doron Chema, L7 Defense LTD.
- 1. Application to API Security Drivers to the Shift Dr. Doron Chema Co Founder & CEO of L7 Defense
- 2. L7 Defense | Brief Introduction • Founded in 2015 • Series A funding • HQ located at IL, branches at US, UK • BFSI • Telco • Internet Sales WW, US Product Recognition (2020) Ammune™ Fully-Automated API Security Solution that Protects in Real Time from a Full Spectrum of API-Related Cyber Attacks Product Leadership Award 2020 Overview
- 3. With its unique approach to analyzing traffic, leveraged by its groundbreaking technology that delivers distinct competitive advantages, L7 Defense received Frost & Sullivan's 2020 Global Product Leadership Award for its fully autonomous AI-based machine leaning API security solution. Product Leadership | Award 2020 Fully Autonomous AI-based API Security Solution “ “ | 3
- 4. New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here
- 5. Accelerating API Security Adaptation - The SecOp Challenge | 4 ‘Comfort Zone’ Barrier API Security Risk WAF Automation
- 6. WAF or API Security? Total Value vs. Habits API Security WAF Protection Demand Protecting × • API Assets control API Assets & Policy Management × • security policy per API endpoint • Protecting from web attacks API Protection and Data Leakage (DL) × • Protecting from BL attacks & DL +/- • Protecting from Bot attacks +/- • Performing full DPI analysis Advanced Analysis Capabilities × • Performing contextual analysis × • Performing campaign analysis The customer choice by value The customer choice by habit
- 7. Protecting Service-Based Applications (Started at 2010?) WAF Breaking Points - #1 Services • No API assets transparency & control • No API-centric protection policy auto-setting • Weak protection from Bot based BL attacks • No protection from Users based BL attacks WAF or API Security? Web Browser, Apps Web Services Business Logic Services Databases Attack Surfrace grows by: • uncontrolled data exposure • Rapid versions realeasing
- 8. Protecting ‘3rd Party’ (B2B2C) Attack Scenarios Partner Web Servers WAF Breaking point - #2 Context matters • Identity analysis (Source-IP & Client side biometric) are useless • Post-login attacks demand DPI • Context analysis is essential (FP) • Trusted partners as source for mass data leakage and fraud Web Browser, Apps Web Services Business Logic Services Databases WAF or API Security? WAF or API Security?
- 9. API attacks can initiate from: • Compromised nodes • User apps • Direct from the outside User APP User APP User APP User APP API-GW’s LB’s Data Center Decentralized Architecture App Service Nodes Infra Service Nodes Infra App Service Nodes Protecting Kubernetes Applications - The Emerging Risk WAF Breaking point - #3 Nodes • Accelerating time to damage (TTD) • Any internal API can shift into external at any time • Dynamic protection is a must • Node-based protection • Seperated & scaled Analytics unit • Advanced analysis is a must • Context based analysis • Full DPI (zero trust)
- 10. What Next? API security needs mostly to beats customers habits • More inline & active enforcement installations • Concord more “nowhere lands” • Functional use cases • UpToDate architectures • Continuous market education with all the above • Upgrade traditional app sec sales channels • More presence at the marketplaces (self-services) | 9
- 11. 10 The Artificial Intelligence (AI) in banking market was valued at US$10.096 billion in 2019, with CAGR of 42.9% https://www.emergenresearch.com/industry-report/ai-in-banking-market Expected Global Adaptation of AI in Banking Including API Security?
- 12. Confidential |2021 For more information, please contact me at: doron@l7defense.com
- 13. New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here