APIsecure 2023 - AI in API Security, Carolina Ruiz (Brier & Thorn)
0 likes20 views
The document discusses the role of artificial intelligence in API security, emphasizing its necessity for preventing security breaches and managing access. It outlines the limitations of current API management solutions and presents AI tools like Salt Security, Cequence Security, Wallarm, and Ping Identity that enhance API protection through continuous monitoring and advanced authentication methods. The document highlights the importance of implementing AI to detect and prevent sophisticated attacks on APIs for enterprises.
APIsecure 2023 - AI in API Security, Carolina Ruiz (Brier & Thorn)
- 1. Artificial Intelligence in API SECURITY B Y C A R O L I N A R U I Z
- 2. ABOUT ME Business Executive, Entrepreneur, and Business Leader, Chief Executive Officer at Brier & Thorn Mexico. As part of the founding employees, with the entry role as a Project Manager, Internal Auditor and subsequently promoted to CEO for Mexico and Latin-American markets and Head of Managed Services Practices Internationally. Lead ISO 27001 auditor with experience in Information Security Management Systems Development, Risk Assessments, and Internal/External Audit support for clients as it relates to ISO 27001, SOC 2, and PCI DSS security standards.
- 3. Artificial Intelligence in Cybersecurity Threats Open AI ChatGPT, launched in November of 2022 it has been the platform that has made artificial intelligence publicly available. Ben-Moshe, S., Gekker, G., & Cohen, G. (2022, December 19). OPWNAI: AI THAT CAN SAVE THE DAY OR HACK IT AWAY. Cp. https://research.checkpoint.com/2022/opwnai-ai-that-can-save-the-day-or- hack-it-away/
- 4. API gateways perform several static security scans to prevent attacks such as SQL injection, cohesive parsing attacks, entity expansion attacks, and schema poisoning, among others. 01 Static security checks API gateways use authentication to distinguish each API user uniquely. Basic authentication, OAuth 2.0, JWT security, and certificate-based security are commonly supported by API gateway solutions. 03 Authentication Dynamic security checks differ from static security scans in that they are continuously checking against varying factors, often involving validating request data against existing data. 02 Dynamic security checks AI in API Security As part of Traditional API Security, Every API management solution must include rule-based and policy-based security checks, which can be performed either statically or dynamically. These checks are essential for maintaining security and managing access to APIs.
- 5. Limitations of current API Management Solutions -API gateways are responsible for managing multiple web services and often handle a large number of sessions associated with the APIs they manage. While policies and processes can be applied to analyze all these sessions, it can still be challenging for gateways to inspect every request without additional computational power. In other words, the sheer volume of requests and sessions can make it difficult for gateways to thoroughly examine each one. -API Management solutions are not equipped to deal with internal attacks when users with valid credentials and access leverage it to execute attacks on the systems. -Even if we increase the policies and rules added to the API gateway, the cost for the overhead required to support this would be cost- prohibited for most companies.
- 6. Using AI as a security layer APIs are essential for enterprises and are increasingly becoming attractive targets for hackers and malicious users. To have a successful API security strategy, baseline requirements include policy-based mechanisms such as authentication, authorization, payload scanning, schema validation, throttling, and rate limiting. However, to fully protect against the most advanced security attacks, AI models are necessary to continuously monitor and analyze all API activity. By doing so, enterprises can identify potential security threats and prevent security breaches before they occur. Anomaly Detection Fraud Detection Enhance Access Control
- 7. Let's talk about tools Salt Security: This tool uses AI and machine learning to automatically discover and classify APIs, detect and prevent API attacks, and provide continuous API security. Cequence Security: An AI-based security tool that uses machine learning algorithms to detect and prevent automated bot attacks targeting APIs. It provides real-time threat detection and protection against API-centric cyber-attacks, including credential stuffing, API abuse, and data scraping. Wallarm: A cloud-native application security tool that uses AI-based behavioral analysis to protect APIs and applications against known and unknown threats. It provides real-time monitoring and protection against OWASP Top 10 vulnerabilities, as well as API-specific threats such as account takeover, data exfiltration, and injection attacks. Ping Identity: An AI-based identity and access management tool that offers API security as part of its capabilities. It provides advanced authentication and authorization features, including multi-factor authentication, adaptive authentication, and contextual access control, to secure API access and prevent unauthorized access and data breaches.
- 8. Thank You STUDIO SHODWE F O L L O W U S I N S O C I A L M E D I A https://www.facebook.com/brierandthorn/ https://www.linkedin.com/company/brier-&-thorn/ @brierandthorn https://www.facebook.com/brierandthornmx/ https://mx.linkedin.com/company/brier-&-thorn-mexico-s-a-p-i-de-c-v @Brier&ThornMX Brier & Thorn Mexico Brier & Thorn Inc.