This document discusses the importance of API security and how AI can be used to augment API security. It notes that cyber threats are evolving quickly and becoming more sophisticated. API usage has increased access points for potential hackers. The document then outlines how the Accenture APIQ platform uses AI and machine learning for automated API assessment and security. It analyzes API configurations and behavior patterns to provide insights, detect anomalies, monitor APIs, and provide real-time remediation to protect digital assets.

1. API SECURITY & AI
Deb Roy
Senior Manager
Accenture

2. Why API security Important? 01
Foundational API security is not
sufficient 02
How to augment API security with
the power of AI? 03
Agenda

3. 3
CYBER THREATS
ARE EVOLVING
QUICKLY AND THERE
ARE NO SIGNS
OF SLOWING DOWN

4. Threats are more sophisticated and effective
Sophistication
of
attack
Session
hijacking
Password
cracking
1990s 2000s 2010s Today
Packet
sniffing
Virus Worms
Trojans Spyware
Backdoors
Bots
Zero day
Malware
Ransomware
Cryptojacking
Heartbleed
Social
Media-based
Smart device
attacks
Cyber
terrorism
Targeted
attacks
Cyberwarfare
Deepfake
Threat class timeline
With sophisticated exploits and AI tools
powering cyberattacks,
countermeasures require security
strategy to redefine and adapt to the
latest dynamics.

5. ARE YOUR APIS SECURE?
https://techcrunch.com/2019/06/16/million
s-venmo-transactions-scraped/
https://krebsonsecurity.com/2021/04/experian-api-exposed-credit-scores-of-most-americans/
https://techcrunch.com/2021/05/05/
peloton-bug-account-data-leak/
https://www.securitymagazine.com/articles/94962-
facebook-breach-exposes-533-million-users

6. Monolithic Business
System
DB
Monolith Business
System
Intelligent Connected
Business System
Monolithic System
Distributed
Systems
SOA
Architecture
Cloud
&
API
Cloud
&
Microservices
Extracted UI from
monolith
DB
SOA Architecture
User
Interface
SOA
INCREASING API ATTACK SURFACE

7. HOW TRADITIONAL DATA DRIVEN
DECISIONS CAN BE WRONG
SURVIVORSHIP BIAS
YOU ARE MISSING SOMETHING
“Gentlemen , you need to put more Armor-plate where the holes aren’t because that’s where the holes were on
the airplanes that didn’t returned.”
Abraham Wald
Mathematician who
contributed to decision
theory
Patrick Blackett
British experimental
physicist

8. API SECURITY IS THE NEW APPLICATION
SECURITY
System API APPLICATION
4
Process API
2 3
On-Prem
System
Public Cloud
System
Private Cloud
Business Transaction
Monitor
1
Experience API

9. 9
Copyright © 2018 Accenture. All rights reserved.
Why API Security Important?
INTERNET OF THINGS
The growth of IoT devices
increases the number of
entry points into the
network for potential
hackers
OPEN APIS
Hackers target
applications that
organizations have
intentionally opened to the
outside world
CLOUD
Security concerns
associated with cloud
computing adoption and
storage
ARTIFICIAL
INTELLIGENCE
The improved automation
capabilities as a result of
AI has led to the
emergence of intelligence
techniques that can be
deployed to create
malicious agents.
API usage to different channels has provided increased access to data and information

10. Copyright © 2021 Accenture. All rights reserved. 10
HOW CAN WE APPLY AI IN API SECURITY?
API
3. Logic Abuse Detection
Intelligent Data Access pattern
2. Anomaly Detection
Behavioral and usage Pattern
1. Access Control
Intelligent access violation detection
4. API Monitoring
End to end Correlated monitoring
5. API Deep Visibility
Context driven visibility
6. API Protection BOT
Intelligent BOT protecting Digital assets
7. API Remediation
Real time remediation of APIs

11. PATENTED APIQ PLATFORM - OVERVIEW
11
Automated API assessment check
ensures security, quality & uniformity
Early detection of possible
security issues in API
API Dashboard for API Product
managers/Owners provides key insights
from technical API configuration
API Policy word cloud provides
highly technical information from the
system in a easy to understand
manner
Ensures overall good API design

12. API
DATA INGESTION &
PRE-PROCESSING
STORAGE & PROCESSING
API Analyzer
API
GOVERNENCE
API
OPERATION
API
STRATEGY
API
LEADERSHIP
API Corpus
Accenture APIQ Platform for API Assessment
API Configurations
Data
Retrieval
API
Hierarchy
Tree
Machine
Learning
Insights & Actions
AI Powered assessment
1
4
5
6
API Policy
Corpus
API Auto
Healing Corpus
7
User Interface
(APIQ Insights)
API BOT
API Definitions
(Swagger,YAML)
API Policy
Classifier
API Policy
Analyzer
API Risk Profiler
API
SECURITY
API Runtime API Industry Dataset
API
Corpus
Builder
API Auto Healing
2
3
3
API RISK TO Action
Mapper
API Risk Insights
8

13. APIQ – API ASSESMENT
13
Security Assessment using Multi level
approach
Sub classification methodology to
reduce bias in the assessment
Categorize APIs into 5 bucket based on
possible security risks Severe, High,
Elevated, Guarded & Low

14. APIQ – API SECURITY ASSESMENT
14

15. APIQ – API SYSTEM ANALYZER
15

16. THANK YOU
FOR MORE INFORMATION
Deb Roy
Senior Manager
Accenture
d.roy@accenture.com