PROTECTING API
INFRASTRUCTURES
Baber Amin
CTO West, Ping Identity
Copyright ©2019 Ping Identity Corporation. All rights reserved.
An AI-Powered Solution from Ping
Identity & WSO2
IT’S A NEW
DIGITAL ERA
… And your most
valuable assets are now
accessed via APIs!
“Discover Your APIs Before Attackers Discover them”
“By 2022 API breaches will become the top attack vector that results in data loss”
LACK OF VISIBILITY - A BIG PROBLEM
“API Security: What You Need to Do to Protect Your APIs”, Gartner, August 2019
• 45% not confident in ability to detect malicious API access
• 51% not confident in security team’s awareness of all APIs
2018
Growth in Number of APIs
Growth in Number of Attacks
API Security Survey:
Average Time to Detect First Breach
2018 Verizon DBIR
Reactive -> Proactive
RECENT API ATTACKS – MOST ARE UNDETECTED
• DDoS Protection
• Transport Security
• Rule based Sec.
• OWASP Top 10
• Fraud Detection
• Browser Validation
• Rate Limiting
• Encryption/Signing
Attacks: Brute Force, Data Extraction, Stolen Tokens, Acct. Takeover, API DDoS, API Take Over, Partner Breach, Partner Abuse
Existing defenses: CDN, ADC, WAF, Bot Detection, API GW
Outcome: Data Theft (APIs/Data)
ATTACKS GO THROUGH EXISTING DEFENSES EVERY TIME
“Organizations are using Web Application Firewalls
(WAF), NextGen WAFs, Bot Detection systems, and
“secured” CDNs … and are still being breached!”
• Hacker uses valid account to access app and API – and is an authenticated user
• Hacker reverse-engineers API logic
• Uses discovered vulnerabilities to access other accounts
• Takes over accounts and steals data, photos, private information
• Continues for months
[Diagram labels: Uses a valid account; harvest; Account #1 to Account #5]
API TAKE OVER ATTACK – LOOKING LIKE A NORMAL USER
[Diagram labels: User, App & UI, API, Data Service; Hacker, Tools, API, Data Service; “Skip That”]
• Client-side rules and GUI skipped
• Unexpected and untested-for API abuse scenarios – vulnerabilities
• “Sniffer” on API traffic exchange
• Freedom to poke around and find bugs and exploits
• Finds way to get to account data without credentials
HACKERS USE YOUR API OUTSIDE OF YOUR APP
DATA EXFILTRATION SCENARIO
Security Beyond Access Control
Security Beyond WAF
▪ Extending Foundational API security
to protect against cyberattacks on APIs
▪ Security needs beyond existing security:
• Knowing about all APIs
• Identify Pre and Post login attacks
• Login/Identity attack detection
• API-specific DoS/DDoS attacks protection
• Detecting Cyberattacks on data, apps, systems
▪ Need full API activity reporting at scale
API SECURITY TODAY
Access Control and WAF
Tokens, Authentication/Authorization/Attack Signatures
Rate Limiting
Client throttling, quotas
Network Privacy
SSL/TLS
THE MISSING PIECES
Data, Application, System Attacks
APTs, Data Exfiltration, Deletion…etc.
API DoS/DDoS Targeted Attacks
Compromised API Services Access
Login/OAuth/Authentication Attacks
Credential Stuffing, Fuzzing, Stolen Cookies and Tokens
ADDRESSING API SECURITY GAPS WITH AI
PERSISTING API SECURITY ISSUES
▪ Unexpected and untested “outside-the-app” scenarios
▪ Bugs and vulnerabilities
▪ Deficit of available expertise
▪ No real-time security focus
▪ Downstream vulnerabilities
▪ Users: phish, password reuse
▪ Clients that can’t keep secrets
▪ Bearer tokens
Foundational API
security blind spots
External
Vulnerabilities
HOW TO MITIGATE THESE
PERSISTENT VULNERABILITIES?
MITIGATE THESE PERSISTING RISKS BY LEVERAGING AI
TO IDENTIFY GOOD AND BAD TRAFFIC
MODEL
• Learn from API
traffic
• Build model for
legit apps
DETECT
• Inspect runtime traffic
• Look for deviations
from model
BLOCK
• Block compromised
tokens, cookies, …
• Notify / Alert
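The MODEL / DETECT / BLOCK loop above, as an added example (not Ping Identity or WSO2 code): a simple mean-plus-k-sigma baseline stands in for the learned model, which the slides do not describe. The feature (distinct account IDs touched per token per time window), the `/accounts/<id>/...` path layout, and all names and traffic are constructed assumptions.

```python
"""Toy MODEL / DETECT / BLOCK loop for API traffic (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Request:
    ts: int      # epoch seconds
    token: str   # token identifier (store a hash, never the raw bearer token)
    path: str    # assumed layout: /accounts/<account_id>/<resource>


def account_of(path):
    """Return the account id a path touches, or None for other endpoints."""
    parts = path.strip("/").split("/")
    return parts[1] if len(parts) >= 2 and parts[0] == "accounts" else None


class Baseline:
    """MODEL: learn how many distinct accounts one token touches per window."""

    def __init__(self, window=60, k=3.0, sigma_floor=0.5):
        self.window, self.k, self.sigma_floor = window, k, sigma_floor
        self.threshold = None

    def learn(self, requests):
        buckets = defaultdict(set)
        for r in requests:
            acct = account_of(r.path)
            if acct is not None:
                buckets[(r.token, r.ts // self.window)].add(acct)
        counts = [len(v) for v in buckets.values()]
        if not counts:
            raise ValueError("no account traffic to learn from")
        # Floor sigma so uniform training traffic does not give a zero-width band.
        sigma = max(pstdev(counts), self.sigma_floor)
        self.threshold = mean(counts) + self.k * sigma
        return self.threshold


class SidebandDetector:
    """DETECT deviations at runtime and BLOCK by token, raising an alert."""

    def __init__(self, baseline):
        if baseline.threshold is None:
            raise ValueError("baseline has not been trained")
        self.baseline = baseline
        self.seen = defaultdict(set)   # (token, window) -> account ids
        self.blocked = set()           # tokens denied from now on
        self.alerts = []               # (ts, token, distinct_accounts)

    def decide(self, req):
        if req.token in self.blocked:
            return "deny"
        acct = account_of(req.path)
        if acct is not None:
            key = (req.token, req.ts // self.baseline.window)
            self.seen[key].add(acct)   # real deployments expire old windows
            if len(self.seen[key]) > self.baseline.threshold:
                self.blocked.add(req.token)
                self.alerts.append((req.ts, req.token, len(self.seen[key])))
                return "deny"
        return "allow"


# Constructed training traffic: each token stays on its own account, except
# tok-c, which legitimately reads a second (delegated) account.
TRAINING = [Request(*t) for t in [
    (0, "tok-a", "/accounts/1001/profile"),
    (5, "tok-a", "/accounts/1001/photos"),
    (10, "tok-b", "/accounts/1002/profile"),
    (70, "tok-b", "/accounts/1002/photos"),
    (20, "tok-c", "/accounts/1003/profile"),
    (30, "tok-c", "/accounts/1004/profile"),
    (65, "tok-a", "/accounts/1001/profile"),
]]

# Constructed runtime traffic: tok-x is a valid token walking across accounts.
RUNTIME = [Request(*t) for t in [
    (100, "tok-a", "/accounts/1001/profile"),
    (110, "tok-c", "/accounts/1003/profile"),
    (115, "tok-c", "/accounts/1004/profile"),
    (120, "tok-x", "/accounts/2001/photos"),
    (122, "tok-x", "/accounts/2002/photos"),
    (124, "tok-x", "/accounts/2003/photos"),
    (126, "tok-x", "/accounts/2004/photos"),
    (128, "tok-a", "/accounts/1001/photos"),
]]


def run_demo():
    baseline = Baseline()
    baseline.learn(TRAINING)
    detector = SidebandDetector(baseline)
    decisions = [detector.decide(r) for r in RUNTIME]
    return decisions, detector.blocked, detector.alerts


if __name__ == "__main__":
    print(run_demo())
```

The token is blocked on the third distinct account in one window while the delegated two-account pattern seen in training still passes, which is the property a static per-request rule cannot express.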
IDENTIFYING GOOD AND BAD TRAFFIC
Authentication
System
API
Disruption
Bad System
• System “misfiring” and flooding API fabric due to system misconfiguration or bug
API Misuse
• Partner use of API for unintended purposes, e.g. Cambridge Analytica on Facebook
Insider Abuse
• Extraction of customer data against company policy
• Disgruntled employee abuses
Hacker Attack
• Compromise accounts via APIs
• Extraction, injection and other attacks
FRIENDLY FIRE SCENARIO
DISCOVERY & VISIBILITY SCENARIO
Sideband Deployment
[Diagram labels: Users and Applications; APIs; PingIntelligence for APIs]
PingIntelligence for APIs
• AI-Powered Cyberattacks Detection
• Automated Advanced, Attack Blocking
• API Deception / Honeypot
• Deep API Traffic Inspection and Reporting
• Deploy via “drop-in” pre-configured policy
COMPREHENSIVE API SECURITY WITH
Ping Identity AND WSO2
Scalable Multi-Cloud API Platform
AI-powered Threat Protection for APIs
Data & Application Attacks
Advanced Persistent Threats, Data exfiltration, Deletion
DoS & DDoS Attacks
DDoS API attack, Login service DDoS attack, Botnet attacking API
Login Attacks
Stolen tokens or cookies, Credential stuffing, Fuzzing
Message Security
JSON/XML threat protection, SQL injection, XSS, Schema validation, Encryption & signature, Redaction, AV scanning
Access Control
Authentication, Authorization, Token Translation
Rate Limiting
Client throttling, Provider throttling, Quotas
Network Privacy
SSL/TLS
PingIntelligence
for APIs
COMPREHENSIVE AI-POWERED SECURITY
ATTACKS AND BLOCKING FACTORS
Detect these:
• Authentication systems attacks
• Data and application attacks
• API DoS/DDoS attacks
• API misuse
• Systems misfiring
• Insider threats
Block by:
• User identity
• Token
• API Key
• Cookie
• IP
VISIBILITY AND SCALING FOR LARGE ENTERPRISE
SINGLE PANE OF GLASS
• Continuous API Auto discovery
• Single or multi-datacenter deployment
• Support mix of API implementations
• API activity across any datacenter
• Centralized AI processing and visibility
• Common models across all sites
• Components can be distributed
• Common Dashboard views
• Centralized or distributed reporting
PingIntelligence
for APIs
API
Gateway
Clusters
CONCLUSION – WSO2 AND PING
▪ Faster detection of API breaches
▪ Augments foundational API security
▪ Helps sort out good and bad traffic
▪ Identifies “abnormal” without static rules
▪ Single pane of glass for all clusters and datacenters – deep visibility and reporting
PingIntelligence for APIs®
API Discovery | Attack Blocking | Deep Reporting
Award Winning API Cybersecurity
YOU CAN’T PROTECT
WHAT YOU CAN’T SEE.
Gain Deeper Insights into API Activity to Reveal
Hidden Traffic and Vulnerabilities.
Take a closer look. Get rewarded.
Learn more & sign up at
www.pingidentity.com/RevealHiddenAPITraffic
Win an Arlo camera!
Q&A
Copyright ©2019 Ping Identity Corporation. All rights reserved.25

Contenu connexe

Tendances

[WSO2 Integration Summit Milan 2019] API-Driven World
[WSO2 Integration Summit Milan 2019] API-Driven World[WSO2 Integration Summit Milan 2019] API-Driven World
[WSO2 Integration Summit Milan 2019] API-Driven WorldWSO2
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...Yenlo
 
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...WSO2
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...Yenlo
 
[WSO2 Integration Summit Milan 2019] Microservices and Container Based Archit...
[WSO2 Integration Summit Milan 2019] Microservices and Container Based Archit...[WSO2 Integration Summit Milan 2019] Microservices and Container Based Archit...
[WSO2 Integration Summit Milan 2019] Microservices and Container Based Archit...WSO2
 
apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...
apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...
apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...apidays
 
apidays LIVE Paris 2021 - Detecting and Protecting PII by Rob Dickinson, Resu...
apidays LIVE Paris 2021 - Detecting and Protecting PII by Rob Dickinson, Resu...apidays LIVE Paris 2021 - Detecting and Protecting PII by Rob Dickinson, Resu...
apidays LIVE Paris 2021 - Detecting and Protecting PII by Rob Dickinson, Resu...apidays
 
WSO2 Integration Summit Johannesburg 2019 - Leveraging Enterprise Integration...
WSO2 Integration Summit Johannesburg 2019 - Leveraging Enterprise Integration...WSO2 Integration Summit Johannesburg 2019 - Leveraging Enterprise Integration...
WSO2 Integration Summit Johannesburg 2019 - Leveraging Enterprise Integration...WSO2
 
[WSO2 Integration Summit Nairobi 2019] Emerging Architecture Patterns: API-ce...
[WSO2 Integration Summit Nairobi 2019] Emerging Architecture Patterns: API-ce...[WSO2 Integration Summit Nairobi 2019] Emerging Architecture Patterns: API-ce...
[WSO2 Integration Summit Nairobi 2019] Emerging Architecture Patterns: API-ce...WSO2
 
apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...
apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...
apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...apidays
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Decentralizing APIs f...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Decentralizing APIs f...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Decentralizing APIs f...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Decentralizing APIs f...Yenlo
 
[WSO2 Integration Summit San Francisco 2019] Digital Transformation: Through ...
[WSO2 Integration Summit San Francisco 2019] Digital Transformation: Through ...[WSO2 Integration Summit San Francisco 2019] Digital Transformation: Through ...
[WSO2 Integration Summit San Francisco 2019] Digital Transformation: Through ...WSO2
 
[APIdays INTERFACE 2021] Programming the Cloud through APIs
[APIdays INTERFACE 2021] Programming the Cloud through APIs[APIdays INTERFACE 2021] Programming the Cloud through APIs
[APIdays INTERFACE 2021] Programming the Cloud through APIsWSO2
 
[WSO2 Integration Summit Johannesburg 2019] Technology Market Outlook and Str...
[WSO2 Integration Summit Johannesburg 2019] Technology Market Outlook and Str...[WSO2 Integration Summit Johannesburg 2019] Technology Market Outlook and Str...
[WSO2 Integration Summit Johannesburg 2019] Technology Market Outlook and Str...WSO2
 
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Toronto 2019] Cloud-native Integration for the EnterpriseWSO2
 
[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...
[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...
[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...WSO2
 
Cloud Native Application Integration With APIs
Cloud Native Application Integration With APIsCloud Native Application Integration With APIs
Cloud Native Application Integration With APIsNirmal Fernando
 
[WSO2 API Day Dallas 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Dallas 2019] Cloud-native Integration for the Enterprise[WSO2 API Day Dallas 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Dallas 2019] Cloud-native Integration for the EnterpriseWSO2
 
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in SecondsWSO2
 

Tendances (19)

[WSO2 Integration Summit Milan 2019] API-Driven World
[WSO2 Integration Summit Milan 2019] API-Driven World[WSO2 Integration Summit Milan 2019] API-Driven World
[WSO2 Integration Summit Milan 2019] API-Driven World
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - API and Cell-based Ar...
 
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Role of Integration i...
 
[WSO2 Integration Summit Milan 2019] Microservices and Container Based Archit...
[WSO2 Integration Summit Milan 2019] Microservices and Container Based Archit...[WSO2 Integration Summit Milan 2019] Microservices and Container Based Archit...
[WSO2 Integration Summit Milan 2019] Microservices and Container Based Archit...
 
apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...
apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...
apidays LIVE London 2021 - Application to API Security, drivers to the Shift ...
 
apidays LIVE Paris 2021 - Detecting and Protecting PII by Rob Dickinson, Resu...
apidays LIVE Paris 2021 - Detecting and Protecting PII by Rob Dickinson, Resu...apidays LIVE Paris 2021 - Detecting and Protecting PII by Rob Dickinson, Resu...
apidays LIVE Paris 2021 - Detecting and Protecting PII by Rob Dickinson, Resu...
 
WSO2 Integration Summit Johannesburg 2019 - Leveraging Enterprise Integration...
WSO2 Integration Summit Johannesburg 2019 - Leveraging Enterprise Integration...WSO2 Integration Summit Johannesburg 2019 - Leveraging Enterprise Integration...
WSO2 Integration Summit Johannesburg 2019 - Leveraging Enterprise Integration...
 
[WSO2 Integration Summit Nairobi 2019] Emerging Architecture Patterns: API-ce...
[WSO2 Integration Summit Nairobi 2019] Emerging Architecture Patterns: API-ce...[WSO2 Integration Summit Nairobi 2019] Emerging Architecture Patterns: API-ce...
[WSO2 Integration Summit Nairobi 2019] Emerging Architecture Patterns: API-ce...
 
apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...
apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...
apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...
 
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Decentralizing APIs f...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Decentralizing APIs f...WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Decentralizing APIs f...
WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - Decentralizing APIs f...
 
[WSO2 Integration Summit San Francisco 2019] Digital Transformation: Through ...
[WSO2 Integration Summit San Francisco 2019] Digital Transformation: Through ...[WSO2 Integration Summit San Francisco 2019] Digital Transformation: Through ...
[WSO2 Integration Summit San Francisco 2019] Digital Transformation: Through ...
 
[APIdays INTERFACE 2021] Programming the Cloud through APIs
[APIdays INTERFACE 2021] Programming the Cloud through APIs[APIdays INTERFACE 2021] Programming the Cloud through APIs
[APIdays INTERFACE 2021] Programming the Cloud through APIs
 
[WSO2 Integration Summit Johannesburg 2019] Technology Market Outlook and Str...
[WSO2 Integration Summit Johannesburg 2019] Technology Market Outlook and Str...[WSO2 Integration Summit Johannesburg 2019] Technology Market Outlook and Str...
[WSO2 Integration Summit Johannesburg 2019] Technology Market Outlook and Str...
 
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
 
[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...
[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...
[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...
 
Cloud Native Application Integration With APIs
Cloud Native Application Integration With APIsCloud Native Application Integration With APIs
Cloud Native Application Integration With APIs
 
[WSO2 API Day Dallas 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Dallas 2019] Cloud-native Integration for the Enterprise[WSO2 API Day Dallas 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Dallas 2019] Cloud-native Integration for the Enterprise
 
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
 

Similaire à [WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures — An AI-powered Solution for APIs from PingIntelligence & WSO2 API Manager

APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...apidays
 
apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...
apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...
apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...apidays
 
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...apidays
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingPing Identity
 
Layered API Security: What Hackers Don't Want You To Know
Layered API Security: What Hackers Don't Want You To KnowLayered API Security: What Hackers Don't Want You To Know
Layered API Security: What Hackers Don't Want You To KnowAaronLieberman5
 
Kondo-ing API Authorization
Kondo-ing API AuthorizationKondo-ing API Authorization
Kondo-ing API AuthorizationNordic APIs
 
The Case For Next Generation IAM
The Case For Next Generation IAM The Case For Next Generation IAM
The Case For Next Generation IAM Patrick Harding
 
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityWhat Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityAaronLieberman5
 
APIsecure 2023 - Discovery is the Starting Point for Defending APIs, Giora En...
APIsecure 2023 - Discovery is the Starting Point for Defending APIs, Giora En...APIsecure 2023 - Discovery is the Starting Point for Defending APIs, Giora En...
APIsecure 2023 - Discovery is the Starting Point for Defending APIs, Giora En...apidays
 
2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security EditionAPIsecure_ Official
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 1042Crunch
 
OWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps DaysOWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps Days42Crunch
 
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
Keamanan Digital dan Privasi di Masa Pandemi-Taro Lay (Director-Kalama Cyber)
Keamanan Digital dan Privasi di Masa Pandemi-Taro Lay (Director-Kalama Cyber)Keamanan Digital dan Privasi di Masa Pandemi-Taro Lay (Director-Kalama Cyber)
Keamanan Digital dan Privasi di Masa Pandemi-Taro Lay (Director-Kalama Cyber)DicodingEvent
 
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...apidays
 

Similaire à [WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures — An AI-powered Solution for APIs from PingIntelligence & WSO2 API Manager (20)

APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
 
apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...
apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...
apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...
 
Hacker vs AI
Hacker vs AI Hacker vs AI
Hacker vs AI
 
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jere...
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
 
Layered API Security: What Hackers Don't Want You To Know
Layered API Security: What Hackers Don't Want You To KnowLayered API Security: What Hackers Don't Want You To Know
Layered API Security: What Hackers Don't Want You To Know
 
Kondo-ing API Authorization
Kondo-ing API AuthorizationKondo-ing API Authorization
Kondo-ing API Authorization
 
The Case For Next Generation IAM
The Case For Next Generation IAM The Case For Next Generation IAM
The Case For Next Generation IAM
 
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityWhat Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API Security
 
Enhancing your Security APIs
Enhancing your Security APIsEnhancing your Security APIs
Enhancing your Security APIs
 
APIsecure 2023 - Discovery is the Starting Point for Defending APIs, Giora En...
APIsecure 2023 - Discovery is the Starting Point for Defending APIs, Giora En...APIsecure 2023 - Discovery is the Starting Point for Defending APIs, Giora En...
APIsecure 2023 - Discovery is the Starting Point for Defending APIs, Giora En...
 
2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition2022 APIsecure_The Real World, API Security Edition
2022 APIsecure_The Real World, API Security Edition
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
 
OWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps DaysOWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps Days
 
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World
 
Keamanan Digital dan Privasi di Masa Pandemi-Taro Lay (Director-Kalama Cyber)
Keamanan Digital dan Privasi di Masa Pandemi-Taro Lay (Director-Kalama Cyber)Keamanan Digital dan Privasi di Masa Pandemi-Taro Lay (Director-Kalama Cyber)
Keamanan Digital dan Privasi di Masa Pandemi-Taro Lay (Director-Kalama Cyber)
 
CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption? CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption?
 
Adapt or Die Sydney - API Security
Adapt or Die Sydney - API SecurityAdapt or Die Sydney - API Security
Adapt or Die Sydney - API Security
 
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
 

Plus de WSO2

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures — An AI-powered Solution for APIs from PingIntelligence & WSO2 API Manager

  • 1. PROTECTING API INFRASTRUCTURES: An AI-Powered Solution from Ping Identity & WSO2. Baber Amin, CTO West, Ping Identity. Copyright ©2019 Ping Identity Corporation. All rights reserved.
  • 2. IT’S A NEW DIGITAL ERA … And your most valuable assets are now accessed via APIs!
  • 3. LACK OF VISIBILITY - A BIG PROBLEM. “Discover Your APIs Before Attackers Discover them”. “By 2022 API breaches will become the top attack vector that results in data loss”. Source: “API Security: What You Need to Do to Protect Your APIs”, Gartner, August 2019.
  • 4. RECENT API ATTACKS – MOST ARE UNDETECTED. 45% not confident in ability to detect malicious API access; 51% not confident in security team’s awareness of all APIs. Chart labels: 2018; Growth in Number of APIs; Growth in Number of Attacks; API Security Survey; Average Time to Detect First Breach; 2018 Verizon DBIR; Reactive -> Proactive.
  • 5. ATTACKS GO THROUGH EXISTING DEFENSES EVERY TIME. DDoS Protection; Transport Security; Rule based Sec.; OWASP Top 10; Fraud Detection; Browser Validation; Rate Limiting; Encryption/Signing. Diagram labels: Brute Force; Data Extraction; Stolen Tokens; Acct. Takeover; API DDoS; API TAKE OVER; Partner Breach; Partner Abuse; CDN; ADC; WAF; Bot Detection; API GW; Data Theft; APIs/Data. “Organizations are using Web Application Firewalls (WAF), NextGen WAFs, Bot Detection systems, and “secured” CDNs … and are still being breached!”
  • 6. API TAKE OVER ATTACK – LOOKING LIKE A NORMAL USER. Hacker uses valid account to access app and API – and is an authenticated user; Hacker reverse-engineers API logic; Uses discovered vulnerabilities to access other accounts; Takes over accounts and steals data, photos, private information; Continues for months. Diagram labels: Uses a valid account; Account #1; Account #2; Account #3; Account #4; Account #5; harvest.
  • 7. HACKERS USE YOUR API OUTSIDE OF YOUR APP. Client-side rules and GUI skipped; Unexpected and untested-for API abuse scenarios – vulnerabilities; “Sniffer” on API traffic exchange; Freedom to poke around and find bugs and exploits; Finds way to get to account data without credentials. Diagram labels: App & UI; User; API; Data Service; Hacker Tools; API; Data Service; Skip That.
  • 8. DATA EXFILTRATION SCENARIO
  • 10. ADDRESSING API SECURITY GAPS WITH AI. Security Beyond Access Control; Security Beyond WAF. Extending Foundational API security to protect against cyberattacks on APIs. Security needs beyond existing security: Knowing about all APIs; Identify Pre and Post login attacks; Login/Identity attack detection; API-specific DoS/DDoS attacks protection; Detecting Cyberattacks on data, apps, systems. Need full API activity reporting at scale. API SECURITY TODAY: Access Control and WAF: Tokens, Authentication/Authorization/Attack Signatures; Rate Limiting: Client throttling, quotas; Network Privacy: SSL/TLS. THE MISSING PIECES: Data, Application, System Attacks: APTs, Data Exfiltration, Deletion…etc.; API DoS/DDoS Targeted Attacks Compromised API Services Access; Login/OAuth/Authentication Attacks: Credential Stuffing, Fuzzing, Stolen Cookies and Tokens.
  • 11. PERSISTING API SECURITY ISSUES. Unexpected and untested “outside-the-app” scenarios; Bugs and vulnerabilities; Deficit of available expertise; No real-time security focus; Downstream vulnerabilities; Users: phish, password reuse; Clients that can’t keep secrets; Bearer tokens. Column labels: Foundational API security blind spots; External Vulnerabilities. HOW TO MITIGATE THESE PERSISTENT VULNERABILITIES?
  • 12. MITIGATE THESE PERSISTING RISKS BY LEVERAGING AI TO IDENTIFY GOOD AND BAD TRAFFIC. MODEL: Learn from API traffic; Build model for legit apps. DETECT: Inspect runtime traffic; Look for deviations from model. BLOCK: Block compromised tokens, cookies, …; Notify / Alert.
  • 13. IDENTIFYING GOOD AND BAD TRAFFIC. Authentication System API Disruption. Bad System: System “misfiring” and flooding API fabric due to system misconfiguration or bug. API Misuse: Partner use of API for unintended purposes e.g. Cambridge Analytica on Facebook. Insider Abuse: Extraction of customer data against company policy; Disgruntled employee abuses. Hacker Attack: Compromise accounts via APIs; Extraction, injection and other attacks.
  • 14. FRIENDLY FIRE SCENARIO
  • 16. DISCOVERY & VISIBILITY SCENARIO
  • 18. COMPREHENSIVE API SECURITY WITH Ping Identity AND WSO2. Sideband Deployment. Diagram labels: APIs; Users and Applications; PingIntelligence For APIs. AI-Powered Cyberattacks Detection; Automated Advanced, Attack Blocking; API Deception / Honeypot; Deep API Traffic Inspection and Reporting; Deploy via “drop-in” pre-configured policy.
  • 19. COMPREHENSIVE AI-POWERED SECURITY. Scalable Multi-Cloud API Platform. AI-powered Threat Protection for APIs. Data & Application Attacks: Advanced Persistent Threats, Data exfiltration, Deletion. DoS & DDoS Attacks: DDoS API attack, Login service DDoS attack, Botnet attacking API. Login Attacks: Stolen tokens or cookies, Credential stuffing, fuzzing. Message Security: JSON/XML threat protection, SQL injection, XSS, Schema validation, Encryption & signature, Redaction, AV scanning. Access Control: Authentication, Authorization, Token Translation. Rate Limiting: Client throttling, Provider throttling, Quotas. Network Privacy: SSL/TLS. PingIntelligence for APIs.
  • 20. ATTACKS AND BLOCKING FACTORS. Detect these: Authentication systems attacks; Data and application attacks; API DoS/DDoS attacks; API misuse; Systems misfiring; Insider threats. Block by: User identity; Token; API Key; Cookie; IP.
  • 21. VISIBILITY AND SCALING FOR LARGE ENTERPRISE. SINGLE PANE OF GLASS: Continuous API Auto discovery; Single or multi-datacenter deployment; Support mix of API implementations; API activity across any datacenter; Centralized AI processing and visibility; Common models across all sites; Components can be distributed; Common Dashboard views; Centralized or distributed reporting. Diagram labels: PingIntelligence for APIs; API Gateway Clusters.
  • 22. CONCLUSION – WSO2 AND PING. Faster detection of API breaches; Augments foundational API security; Help sort out good and bad traffic; Identify “abnormal” without static rules; Single pane of glass for all clusters and datacenter – deep visibility and reporting. Diagram labels: PingIntelligence for APIs ®; API Discovery; Attack Blocking; Deep Reporting; APIs.
  • 23. Award Winning API Cybersecurity
  • 24. YOU CAN’T PROTECT WHAT YOU CAN’T SEE. Gain Deeper Insights into API Activity to Reveal Hidden Traffic and Vulnerabilities. Take a closer look. Get rewarded. Learn more & sign up at www.pingidentity.com/RevealHiddenAPITraffic Win an Arlo camera!
  • 25. Q&A