This document discusses the importance of API security and how AI can be used to augment API security. It notes that cyber threats are evolving quickly and becoming more sophisticated. API usage has increased access points for potential hackers. The document then outlines how the Accenture APIQ platform uses AI and machine learning for automated API assessment and security. It analyzes API configurations and behavior patterns to provide insights, detect anomalies, monitor APIs, and provide real-time remediation to protect digital assets.
4. Threats are more sophisticated and effective
[Figure: Threat class timeline. Vertical axis: sophistication of attack. Horizontal axis: 1990s, 2000s, 2010s, Today. Threat classes shown: password cracking, session hijacking, packet sniffing, virus, worms, trojans, spyware, backdoors, bots, zero day, malware, ransomware, cryptojacking, Heartbleed, social media-based attacks, smart device attacks, cyber terrorism, targeted attacks, cyberwarfare, deepfake.]
With sophisticated exploits and AI tools powering cyberattacks, countermeasures require the security strategy to be redefined and adapted to the latest dynamics.
5. ARE YOUR APIS SECURE?
https://techcrunch.com/2019/06/16/millions-venmo-transactions-scraped/
https://krebsonsecurity.com/2021/04/experian-api-exposed-credit-scores-of-most-americans/
https://techcrunch.com/2021/05/05/peloton-bug-account-data-leak/
https://www.securitymagazine.com/articles/94962-facebook-breach-exposes-533-million-users
6. INCREASING API ATTACK SURFACE
[Diagram: evolution from a monolithic business system to an intelligent connected business system. Stages: Monolithic System, Distributed Systems, SOA Architecture, Cloud & API, Cloud & Microservices. Other labels: DB, Extracted UI from monolith, User Interface, SOA.]
7. HOW TRADITIONAL DATA DRIVEN DECISIONS CAN BE WRONG
SURVIVORSHIP BIAS
YOU ARE MISSING SOMETHING
“Gentlemen, you need to put more Armor-plate where the holes aren’t because that’s where the holes were on the airplanes that didn’t return.”
Abraham Wald: Mathematician who contributed to decision theory
Patrick Blackett: British experimental physicist
8. API SECURITY IS THE NEW APPLICATION SECURITY
[Diagram labels: Experience API, Process API, System API, Application; On-Prem System, Public Cloud System, Private Cloud; Business Transaction Monitor; numbered callouts 1 to 4.]
11. PATENTED APIQ PLATFORM - OVERVIEW
Automated API assessment check ensures security, quality & uniformity
Early detection of possible security issues in API
API Dashboard for API Product managers/Owners provides key insights from technical API configuration
API Policy word cloud provides highly technical information from the system in an easy to understand manner
Ensures overall good API design
12. Accenture APIQ Platform for API Assessment
[Architecture diagram: AI Powered assessment, with numbered callouts 1 to 8. Stages: API Data Ingestion & Pre-processing; Storage & Processing; Insights & Actions. Inputs: API Configurations, API Definitions (Swagger, YAML), API Runtime, API Industry Dataset. Components: Data Retrieval, API Corpus Builder, API Corpus, API Policy Corpus, API Auto Healing Corpus, API Hierarchy Tree, Machine Learning, API Analyzer, API Policy Classifier, API Policy Analyzer, API Risk Profiler, API Risk to Action Mapper, API Risk Insights, API Auto Healing, API BOT, User Interface (APIQ Insights). Assessment areas: API Governance, API Operation, API Strategy, API Leadership, API Security.]
13. APIQ – API ASSESSMENT
Security Assessment using Multi level approach
Sub classification methodology to reduce bias in the assessment
Categorize APIs into 5 buckets based on possible security risks: Severe, High, Elevated, Guarded & Low
16. THANK YOU
FOR MORE INFORMATION
Deb Roy
Senior Manager
Accenture
d.roy@accenture.com
Editor's Notes
Facebook 530 ml profiles leak
Office 365 outlook
Chess.com
During World War II, Abraham Wald took survivorship bias into his calculations when considering how to minimize bomber losses to enemy fire. The damage done to aircraft that had returned from missions was examined and, based on his reasoning, the recommendation was to add armor to the areas that showed the least damage. This contradicted the US military's conclusions that the most-hit areas of the plane needed additional armor.
“Gentlemen, you need to put more Armor-plate where the holes aren’t because that’s where the holes were on the airplanes that didn’t return.”