apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM) & Filip Verloy (Noname Security)

Advanced API Security
Filip Verloy
Field CTO, Noname Security
Ricky Moorhouse
Cloud Architect, API Connect, IBM
API Security is a superhuman problem.
It requires Machine Learning to solve.
Learn more
15,564
76%
37 days
The 2022 API Security Trends Report
Whitepaper
Average number of Production Enterprise APIs
of organizations experienced a security
breach in the past year
27 days for discovery
10 days for remediation
per incident
Development Secure at Runtime Analyze Behavior
Manage
Design Test Discover
unmanaged
Control
Access
Protect
Endpt
Validate
content
Limit
rate
Detect Notify Mediate /
Stop attack
Predict
Continuous
Monitor
Security capabilities across the API lifecycle
© 2023 IBM Corporation
API
Lifecycle
Security
policy
IBM API Connect powers
digital applications by unlocking
business data and assets as APIs
IBM API Connect
Socialize
Empower application developers to explore and
consume your APIs using branded self-service portals
Secure
Easily apply built-in and extensible policies
to secure, control and mediate the delivery
of APIs protecting data and business assets
Create
Automatically create APIs to expose data,
microservices, enterprise applications,
and SaaS services using open standards
Manage
Rapidly organize, publish and analyze any API
through the full lifecycle from design to retire
Gateway
IBM DataPower Gateway is an
industry leading, high security
gateway for modern, traditional
and hybrid cloud workloads
Secure
Easily apply built-in and extensible policies to secure
access to a full range of API, Mobile, Web, SOA, B2B, and
Cloud workloads at all stages.
Integrate
Combine modern event-based and API workloads with
traditional services with advanced protocol bridging and
message transformation support.
Control
Protect applications from over utilization with traffic control
and quota enforcements.
Optimize
Improve response times and throughput by controlling
message traffic with application caching and advanced
routing.
IBM DataPower
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
IBM DataPower
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
Record
ML Policy Decision Point
Rules
IP
Cookie
Header
Query
Detect and block API attacks
with real-time traffic analysis
powered by machine learning
Uncover vulnerabilities and
misconfigurations to speed
remediation and ensure
compliance
Runtime
API Security
Posture Management
Augment IBM API Connect & DataPower
with Advanced API Security powered by Machine Learning
Locate and inventory all of your
APIs regardless of configuration
Discovery
Extend API Connect and DataPower (API Gateway)’s already powerful enterprise-grade performance and security
with new Discovery, Posture Management and runtime Behavioral Threat Detection, powered by Noname Security.
It is as easy as dropping a policy at the API assembly step
Gateway
Noname Advanced
API Security Policy
Noname Advanced
API Security Policy
How it Works – High Level Architecture
API Consumers
Protection
Rules
Analytics
Records
API definitions
& Application
Details
API Call
Information
ML Policy Decision Point
Records
Rules
OOTB OWASP TOP 10
Categorize Data (e.g. PII)
© Noname Security. All rights reserved
Deployment - SaaS
OnPrem Deployment
Noname Advanced
API Security for IBM
Learn more
01
Explore the
product
02
Explore the
partnership
03
Visit the IBM booth
Talk to an SME, see a demo,
or check out a 10-minute
SmartTalk
ibm.biz/api-security nonamesecurity.com/ibm
Backup
IBM DataPower
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
IBM DataPower
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Record
ML Policy Decision Point
Rules
IP
Cookie
Header
Query
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
IBM API Connect powers
digital applications by unlocking
business data and assets as APIs
IBM API Connect
Socialize
Empower application developers to explore and
consume your APIs using branded self-service portals
Secure
Easily apply built-in and extensible policies
to secure, control and mediate the delivery
of APIs protecting data and business assets
Create
Automatically create APIs to expose data,
microservices, enterprise applications,
and SaaS services using open standards
Manage
Rapidly organize, publish and analyze any API
through the full lifecycle from design to retire
IBM API Connect
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Runtime API information
API definition (security, schema, ...)
Application information (credential, ...)
Provide a full life cycle API management solution
IBM API Connect
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Runtime API information
API definition (security, schema, ...)
Application information (credential, ...)
Provide a full life cycle API management solution
ML Policy Decision Point
IP
Cookie
Header
Query
Record
Noname API Advanced
Security Policy
Noname API Advanced
Security Policy
Rules
IBM API Connect powers
digital applications by unlocking
business data and assets as APIs
API Management
Socialize
Empower application developers to explore and
consume your APIs using branded self-service portals
Secure
Easily apply built-in and extensible policies
to secure, control and mediate the delivery
of APIs protecting data and business assets
Create
Automatically create APIs to expose data,
microservices, enterprise applications,
and SaaS services using open standards
Manage
Rapidly organize, publish and analyze any API
through the full lifecycle from design to retire
Gateway
IBM DataPower Gateway is an
industry leading, high security
gateway for modern, traditional
and hybrid cloud workloads
Secure
Easily apply built-in and extensible policies to secure
access to a full range of API, Mobile, Web, SOA, B2B, and
Cloud workloads at all stages.
Integrate
Combine modern event-based and API workloads with
traditional services with advanced protocol bridging and
message transformation support.
Control
Protect applications from over utilization with traffic control
and quota enforcements.
Optimize
Improve response times and throughput by controlling
message traffic with application caching and advanced
routing.
Noname Security extends the capabilities of IBM DataPower and IBM API Connect to
enable organizations to provide advanced security of APIs throughout their lifecycle.
Find API security
issues faster
Intelligently identify and
prioritize potential
vulnerabilities. Remediate
manually, semi-automatically
or fully-automatically.
Discover the
unmanaged
Catch vulnerabilities and
issues earlier, and prioritize
based on impact to reduce
remediation costs.
Ensure
compliance
Continuously monitor for
compliance with regulatory
requirements, industry
standards and internal
policies.
See through the
noise
Conduct real-time traffic
analysis with automated AI
and machine learning
detection, and use
automated remediation to
stop attacks in real time.
Intelligent asset management