
apidays LIVE Singapore - Novel approaches in API security by Dr Tal Steinherz, Syber.ai

apidays LIVE Singapore 2021 - Digitisation, Connected Services and Embedded Finance
April 21 & 22, 2021

Novel approaches in API security
Dr Tal Steinherz, CTO at Syber.ai



  1. Novel approaches in API security. Dr. Tal Steinherz, Co-Founder & CTO, Syber.ai
  2. Today's speaker: Dr. Tal Steinherz, CTO. Former CTO, Israel National Cyber Directorate; former head of the Cyber R&D division in the Prime Minister's office; a record of delivering groundbreaking innovations; PhD in machine learning.
  3. API Protection is a Major Issue
  4. We live in an API economy. Everyone needs API protection.
     • "By 2022, 50% of web attacks will be through APIs" (Gartner)
     • "There is an 83% to 17% split between API and HTML traffic on our secure content delivery network" (Akamai, Feb '19)
     • "The size of the API economy was $2.2 Trillion in 2018" (Ovum)
  5. APIs present: Insecurity by Design
  6. What makes APIs so vulnerable?
     • Open architecture
     • Agile development cycles
     • Many stakeholders
     • Uncontrolled users
  7. Companies face many API-related concerns
     • Are there APIs that the organization is not aware of?
     • Is there personal information that is leaking?
     • Are we compliant with regulations (HIPAA, Open Banking)?
     • Who is using our APIs?
     • Is the usage authorized and reasonable?
  8. What does good API protection include?
     • Hacking: malicious actors attacking the APIs.
     • Abuse: customers with valid credentials who abuse their privileges. A revenue assurance risk.
     • Data leaks: misconfiguration leading to personal information leaks. A regulatory concern.
  9. What Is Required?
  10. Specific requirements
     • Agentless
     • Hybrid (on-prem and in the cloud)
     • Transparent (no performance penalties)
     • For some customers: compliant with (privacy) regulations
     • Adjustable (to business logic)
     General requirements
     • API discovery
     • Anomaly detection
     • Investigation
     • Remediation
  11. How Should One Protect APIs?
  12. The Spectrum of API Security Solutions, from development to production
     • Development side: API collaboration tools, OpenAPI validation, API BAS. Goal: design, document and perform development testing of APIs.
     • Production side: RASP, WAF, anti-bot, API gateway, API agents, network-based API monitoring. Goal: protect organizations against malicious API attacks, API data leaks and API abuses.
     RASP = Runtime Application Self Protection; BAS = Breach and Attack Simulation
  13. A novel approach: Deep Message Inspection
  14. Deep Message Inspection consists of
     • Content (payload) inspection
     • Multi-level profiling for every interaction between any user and any endpoint
     • PII detection and association
     • Time series and correlation
  15. The importance of Deep Message Inspection
     • Discovers APIs and builds an API catalog
     • Detects leaking personal information
     • Offers vertical-specific intelligence: Open Banking, HIPAA
     • Cross-correlates multiple profiles to reduce false alerts
     • Detects APIs that deviate from their Swagger/GraphQL definitions
     • Captures API sessions of interest for deeper inspection and analysis
  16. Extracting valuable information. APIs carry a lot of repetitive data; identifying the unique information allows us to:
     • Detect anomalies
     • Dramatically reduce the storage required to keep a significant transaction history
  17. Example: Banking API. Endpoint identifier DF56KR, user ID 5934023. The same endpoint, profiled per user, yields four different pictures:
     • Normal: account number 891 5533 4567, $15,430
     • Someone else's data: account number 891 5577 1234, $79,023 (an account this user does not own)
     • Data leak: account number 891 5533 4567, $15,430, plus a credit rating of 640 (a field the endpoint does not normally return)
     • Potential attack: account numbers 891 5533 4567 ($15,430), 891 5533 4568 ($4,699), 891 5533 4569 ($1,700), consecutive account numbers in one session
  18. Contact Information: https://www.linkedin.com/in/talsteinherz/, Tal@syber.ai, https://syber.ai/
  19. The importance of profiling on multiple dimensions
     The benefits of multi-dimensional profiling
     • Profiling in multiple dimensions helps discover the full range of threats
     • Cross-correlating these dimensions dramatically reduces false alarms
     What we profile
     • Call: a single API request/response pair
     • Session: a set of consecutive API calls with the same credentials
     • User: a history of sessions for each user
     • IP: aggregated calls from the same IP address over time
     • API: all calls to the same API endpoint
  20. The importance of flexible deployment models
     As an API proxy
     • Instant deployment
     • Useful for 3rd-party cloud-to-cloud integrations (e.g. Teams to HubSpot, Salesforce to Marketo)
     • Can filter traffic
     As an API sniffer
     • Receives a copy of the API traffic
     • Supports cloud and on-prem deployments
     • Agentless
     • No impact on API reliability
     • No impact on API performance
  21. The API protection problem is nearing an inflection point
     • Regulations: privacy regulations mandate securing the APIs
     • Remote access: fewer in-person transactions, more remote work
     • CISOs understand: existing security solutions don't work for APIs
     • Open banking: regulators are forcing banks to open their APIs
     • Hackers notice: APIs are the next frontier in cybercrime
  22. Typical on-premise deployment (diagram: Clients send API calls to a Load Balancer & SSL Terminator in front of the API Servers; a Tap feeds a copy of the traffic to the API Sniffer)
     Best practices
     • Agentless
     • Not in-line
     • Vendor-agnostic
  23. It is important to understand the specific API issues of each business process
     • Generic API issues
     • API issues specific to Open Banking
     • API issues specific to health applications
     • API issues specific to insurance
  24. Supporting cloud AND on-prem deployments
     On-prem is important because
     • Many organizations still have most of their APIs on-prem, so cloud-only solutions are not sufficient
     • GDPR and other regulations are causing some companies to remain on-prem
     • Cloud bills are causing some organizations to return to on-prem
     • On-prem installations carry a greater risk of misconfiguration
     Cloud is important because
     • New-economy companies are cloud-centric
     • Many established organizations are moving to the cloud
  25. We live in an API economy. Everyone needs API security.
     • "By 2022, 50% of web attacks will be through APIs" (Gartner)
     • "There is an 83% to 17% split between API and HTML traffic on our secure content delivery network" (Akamai, Feb '19)
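Three of the Deep Message Inspection capabilities listed on slide 15, building an API catalog that includes undocumented endpoints, flagging responses that deviate from the Swagger/OpenAPI definition, and detecting personal information in payloads, carried out in code. This is an added example written for this page, not Syber.ai's product code or the speaker's own; the OpenAPI fragment, the traffic sample and the PII patterns are all constructed for it, and the field-level check is deliberately simpler than a full JSON Schema validator.

```python
"""Deep Message Inspection of API traffic against an OpenAPI definition.

Added example, not Syber.ai code. The OpenAPI fragment, sample traffic and
PII patterns below are constructed for this illustration.
"""
import re

# Constructed OpenAPI 3 fragment: only the parts the checks below read.
SPEC = {
    "paths": {
        "/accounts/{id}": {"get": {"responses": {"200": {"content": {
            "application/json": {"schema": {"type": "object", "properties": {
                "account_number": {"type": "string"},
                "balance": {"type": "number"}}}}}}}}},
        "/transfers": {"post": {"responses": {"200": {"content": {
            "application/json": {"schema": {"type": "object", "properties": {
                "transfer_id": {"type": "string"},
                "status": {"type": "string"}}}}}}}}},
    }
}

# Constructed sample of observed request/response pairs (decoded JSON bodies).
TRAFFIC = [
    {"method": "GET", "path": "/accounts/89155334567",
     "response": {"account_number": "891 5533 4567", "balance": 15430}},
    {"method": "GET", "path": "/accounts/89155334567",
     "response": {"account_number": "891 5533 4567", "balance": 15430,
                  "credit_rating": 640}},
    {"method": "GET", "path": "/accounts/89155334567/owner",
     "response": {"name": "A. Example", "email": "a.example@example.net",
                  "ssn": "123-45-6789"}},
    {"method": "POST", "path": "/transfers",
     "response": {"transfer_id": "t1", "status": "ok"}},
    {"method": "POST", "path": "/transfers",
     "response": {"transfer_id": "t2", "status": "ok",
                  "card": "4111 1111 1111 1111"}},
]

PII_PATTERNS = {  # constructed, minimal patterns; a product would carry many more
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),  # confirmed with Luhn
}


def luhn_ok(digits):
    """Luhn checksum; keeps long account-like numbers out of the card class."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0


def documented_fields(spec):
    """(METHOD, path template) -> property names documented for the 200 response."""
    out = {}
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            schema = (op.get("responses", {}).get("200", {}).get("content", {})
                      .get("application/json", {}).get("schema", {}))
            out[(method.upper(), path)] = set(schema.get("properties", {}))
    return out


def match_template(method, path, templates):
    """Resolve a concrete path to its template; '{param}' segments match anything."""
    parts = path.split("/")
    for m, tmpl in templates:
        tparts = tmpl.split("/")
        if m == method and len(tparts) == len(parts) and all(
                t.startswith("{") or t == p for t, p in zip(tparts, parts)):
            return (m, tmpl)
    return None


def find_pii(body):
    """Yield (field, pii_class) for string values that look like personal data."""
    for field, value in body.items():
        if not isinstance(value, str):
            continue
        for cls, pat in PII_PATTERNS.items():
            m = pat.search(value)
            if m and (cls != "credit_card" or luhn_ok(re.sub(r"\D", "", m.group()))):
                yield field, cls


def inspect(traffic, spec):
    """Return (catalog, findings). catalog: (METHOD, template or raw path) ->
    {'documented': bool, 'calls': n}; findings: (call index, kind, detail)."""
    templates = documented_fields(spec)
    catalog = {key: {"documented": True, "calls": 0} for key in templates}
    findings = []
    for i, call in enumerate(traffic):
        key = match_template(call["method"], call["path"], templates)
        if key is None:  # shadow endpoint: seen on the wire, absent from the spec
            key = (call["method"], call["path"])
            catalog.setdefault(key, {"documented": False, "calls": 0})
            findings.append((i, "undocumented_endpoint", f"{key[0]} {key[1]}"))
        else:  # documented endpoint: report fields the schema does not declare
            extra = sorted(set(call["response"]) - templates[key])
            if extra:
                findings.append((i, "schema_drift", extra))
        catalog[key]["calls"] += 1
        for field, cls in find_pii(call["response"]):
            findings.append((i, "pii", (field, cls)))
    return catalog, findings


if __name__ == "__main__":
    cat, found = inspect(TRAFFIC, SPEC)
    for k, v in cat.items():
        print(k, v)
    for f in found:
        print(f)
```

On the constructed traffic the catalog records two documented endpoints and one shadow endpoint (`/accounts/{id}/owner`), the second and fifth calls drift from the schema (`credit_rating`, `card`), and the owner endpoint and the card field are reported as PII. The Luhn check is the kind of cheap correlation that keeps an 11-digit bank account number from being misreported as a card number.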

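The profiling described on slides 16, 17 and 19, worked through in code: each call is profiled on the call, session, user and API dimensions, the findings are cross-correlated into one verdict (so an enumerating session raises a single "potential attack" rather than one "foreign account" alert per call), and only facts not seen before are stored. This is an added example for this page, not Syber.ai code; it reuses slide 17's endpoint DF56KR and user 5934023, while the sample calls, the owned-accounts map, the baseline field set, the run length that counts as enumeration and the role of the IP dimension are assumptions made for the example.

```python
"""Multi-dimensional profiling of API calls with de-duplicated storage.

Added example, not Syber.ai code. Endpoint DF56KR and user 5934023 come from
the banking slide; everything else below is an assumption for the example.
"""
from collections import defaultdict

# Assumed baselines learned from history (or taken from an identity source):
# which fields DF56KR normally returns and which accounts each user owns.
BASELINE_FIELDS = {"DF56KR": {"account_number", "balance"}}
OWNED_ACCOUNTS = {"5934023": {"891 5533 4567"}}
ENUM_RUN = 3  # assumed: this many consecutive account numbers in one session


def account_int(acct):
    """'891 5533 4567' -> 89155334567, so neighbouring accounts are 1 apart."""
    return int(acct.replace(" ", ""))


class Profiler:
    def __init__(self, owned=OWNED_ACCOUNTS, baseline=BASELINE_FIELDS):
        self.owned = owned
        self.baseline = baseline
        self.session_accounts = defaultdict(list)  # session dimension
        self.user_ips = defaultdict(set)            # user dimension
        self.api_calls = defaultdict(int)           # API dimension
        self.unique_facts = set()                   # de-duplicated store
        self.calls_seen = 0

    def observe(self, call):
        """Profile one call on several dimensions and fold the findings into
        one verdict; the session-level enumeration finding outranks the
        per-call 'foreign account' finding it is built from."""
        self.calls_seen += 1
        user, sess, ep = call["user"], call["session"], call["endpoint"]
        fields = call["fields"]
        findings = []

        # Call dimension: fields this endpoint has not returned before.
        extra = sorted(set(fields) - self.baseline.get(ep, set()))
        if extra:
            findings.append(("data_leak", extra))

        # Call x user dimension: an account that this credential does not own.
        acct = fields.get("account_number")
        if acct is not None and acct not in self.owned.get(user, set()):
            findings.append(("foreign_account", acct))

        # Session dimension: a run of numerically consecutive account numbers.
        if acct is not None:
            run = self.session_accounts[sess]
            run.append(account_int(acct))
            tail = run[-ENUM_RUN:]
            if len(tail) == ENUM_RUN and all(b - a == 1 for a, b in zip(tail, tail[1:])):
                findings.append(("enumeration", tail))

        # User and API dimensions: a source IP this user never used, call volume per endpoint.
        if call["ip"] not in self.user_ips[user]:
            findings.append(("new_ip", call["ip"]))
        self.user_ips[user].add(call["ip"])
        self.api_calls[ep] += 1

        # Storage: keep only (endpoint, user, field, value) tuples not seen before;
        # a repeated balance lookup adds nothing to the store.
        for k, v in fields.items():
            self.unique_facts.add((ep, user, k, str(v)))

        kinds = {k for k, _ in findings}
        if "enumeration" in kinds:
            verdict = "potential attack"
        elif "data_leak" in kinds:
            verdict = "data leak"
        elif "foreign_account" in kinds:
            verdict = "someone else's data"
        else:
            verdict = "normal"
        return {"verdict": verdict, "findings": findings}


CALLS = [  # constructed sample traffic mirroring the four cases on slide 17
    {"session": "s1", "user": "5934023", "ip": "203.0.113.7", "endpoint": "DF56KR",
     "fields": {"account_number": "891 5533 4567", "balance": 15430}},
    {"session": "s1", "user": "5934023", "ip": "203.0.113.7", "endpoint": "DF56KR",
     "fields": {"account_number": "891 5533 4567", "balance": 15430}},
    {"session": "s2", "user": "5934023", "ip": "203.0.113.7", "endpoint": "DF56KR",
     "fields": {"account_number": "891 5577 1234", "balance": 79023}},
    {"session": "s3", "user": "5934023", "ip": "203.0.113.7", "endpoint": "DF56KR",
     "fields": {"account_number": "891 5533 4567", "balance": 15430,
                "credit_rating": 640}},
    {"session": "s4", "user": "5934023", "ip": "198.51.100.9", "endpoint": "DF56KR",
     "fields": {"account_number": "891 5533 4567", "balance": 15430}},
    {"session": "s4", "user": "5934023", "ip": "198.51.100.9", "endpoint": "DF56KR",
     "fields": {"account_number": "891 5533 4568", "balance": 4699}},
    {"session": "s4", "user": "5934023", "ip": "198.51.100.9", "endpoint": "DF56KR",
     "fields": {"account_number": "891 5533 4569", "balance": 1700}},
]


def run(calls=CALLS):
    """Return the per-call verdicts plus (calls seen, unique facts stored)."""
    p = Profiler()
    verdicts = [p.observe(c)["verdict"] for c in calls]
    return verdicts, p.calls_seen, len(p.unique_facts)


if __name__ == "__main__":
    print(run())
```

Seven calls produce the verdicts normal, normal, someone else's data, data leak, normal, someone else's data, potential attack, and leave nine unique facts in the store instead of the fifteen field values carried on the wire. The enumeration verdict only fires once the third consecutive account appears; the second one is still reported as someone else's data, which is the honest answer at that point in the session.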