apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM) & Filip Verloy (Noname Security)

Advanced API Security
Filip Verloy
Field CTO, Noname Security
Ricky Moorhouse
Cloud Architect, API Connect, IBM
API Security is a superhuman problem.
It requires Machine Learning to solve.
Learn more
The 2022 API Security Trends Report (whitepaper):
15,564: average number of production enterprise APIs
76% of organizations experienced a security breach in the past year
37 days per incident: 27 days for discovery, 10 days for remediation
Security capabilities across the API lifecycle
[Diagram: API Lifecycle Security policy, Continuous Monitor]
Development: Manage, Design, Test, Discover unmanaged
Secure at Runtime: Control access, Protect endpoint, Validate content, Limit rate
Analyze Behavior: Detect, Notify, Mediate / Stop attack, Predict
© 2023 IBM Corporation
IBM API Connect powers
digital applications by unlocking
business data and assets as APIs
IBM API Connect
Socialize
Empower application developers to explore and
consume your APIs using branded self-service portals
Secure
Easily apply built-in and extensible policies
to secure, control and mediate the delivery
of APIs protecting data and business assets
Create
Automatically create APIs to expose data,
microservices, enterprise applications,
and SaaS services using open standards
Manage
Rapidly organize, publish and analyze any API
through the full lifecycle from design to retire
Gateway
IBM DataPower Gateway is an
industry leading, high security
gateway for modern, traditional
and hybrid cloud workloads
Secure
Easily apply built-in and extensible policies to secure
access to a full range of API, Mobile, Web, SOA, B2B, and
Cloud workloads at all stages.
Integrate
Combine modern event-based and API workloads with
traditional services with advanced protocol bridging and
message transformation support.
Control
Protect applications from over utilization with traffic control
and quota enforcements.
Optimize
Improve response times and throughput by controlling
message traffic with application caching and advanced
routing.
IBM DataPower
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
IBM DataPower
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
Record
ML Policy Decision Point
Rules
IP
Cookie
Header
Query
Augment IBM API Connect & DataPower with Advanced API Security powered by Machine Learning
Discovery: Locate and inventory all of your APIs regardless of configuration
Posture Management: Uncover vulnerabilities and misconfigurations to speed remediation and ensure compliance
Runtime API Security: Detect and block API attacks with real-time traffic analysis powered by machine learning
Extend API Connect and DataPower (API Gateway)’s already powerful enterprise-grade performance and security
with new Discovery, Posture Management and runtime Behavioral Threat Detection, powered by Noname Security.
It is as easy as dropping a policy at the API assembly step
Gateway
Noname Advanced
API Security Policy
Noname Advanced
API Security Policy
How it Works – High Level Architecture
API Consumers
Protection
Rules
Analytics
Records
API definitions
& Application
Details
API Call
Information
ML Policy Decision Point
Records
Rules
OOTB OWASP TOP 10
Categorize Data (e.g. PII)
© Noname Security. All rights reserved
SaaS Deployment
OnPrem Deployment
Noname Advanced
API Security for IBM
Learn more
01
Explore the
product
02
Explore the
partnership
03
Visit the IBM booth
Talk to an SME, see a demo,
or check out a 10-minute
SmartTalk
ibm.biz/api-security nonamesecurity.com/ibm
Backup
IBM DataPower
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
Harden capabilities in Gateway to make it
an excellent Policy Enforcement Point
IBM DataPower
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Record
ML Policy Decision Point
Rules
IP
Cookie
Header
Query
Provide security, control, integration and
optimized access to enterprise business
process
TLS Termination
AAA
Token exchange
Message protection
Message transform, rate limit & many others
IBM API Connect powers
digital applications by unlocking
business data and assets as APIs
IBM API Connect
Socialize
Empower application developers to explore and
consume your APIs using branded self-service portals
Secure
Easily apply built-in and extensible policies
to secure, control and mediate the delivery
of APIs protecting data and business assets
Create
Automatically create APIs to expose data,
microservices, enterprise applications,
and SaaS services using open standards
Manage
Rapidly organize, publish and analyze any API
through the full lifecycle from design to retire
IBM API Connect
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Runtime api information
API Definition(security, schema ..)
Application information (credential ..)
Provide a full life cycle API management solution
IBM API Connect
Internet
Consumer
Mobile
Consumer
Cloud Apps
& Services
Firewall / Load
Balancer
Application
Application
System z
Mobile
Application
Server
Application
Runtime api information
API Definition(security, schema ..)
Application information (credential ..)
Provide a full life cycle API management solution
ML Policy Decision Point
IP
Cookie
Header
Query
Record
Noname API Advanced
Security Policy
Noname API Advanced
Security Policy
Rules
IBM API Connect powers
digital applications by unlocking
business data and assets as APIs
API Management
Socialize
Empower application developers to explore and
consume your APIs using branded self-service portals
Secure
Easily apply built-in and extensible policies
to secure, control and mediate the delivery
of APIs protecting data and business assets
Create
Automatically create APIs to expose data,
microservices, enterprise applications,
and SaaS services using open standards
Manage
Rapidly organize, publish and analyze any API
through the full lifecycle from design to retire
Gateway
IBM DataPower Gateway is an
industry leading, high security
gateway for modern, traditional
and hybrid cloud workloads
Secure
Easily apply built-in and extensible policies to secure
access to a full range of API, Mobile, Web, SOA, B2B, and
Cloud workloads at all stages.
Integrate
Combine modern event-based and API workloads with
traditional services with advanced protocol bridging and
message transformation support.
Control
Protect applications from over utilization with traffic control
and quota enforcements.
Optimize
Improve response times and throughput by controlling
message traffic with application caching and advanced
routing.
Noname Security extends the capabilities of IBM DataPower and IBM API Connect to
enable organizations to provide advanced security of APIs throughout their lifecycle.
Find API security
issues faster
Intelligently identify and
prioritize potential
vulnerabilities. Remediate
manually, semi-
automatically or fully-
automatically.
Discover the
unmanaged
Catch vulnerabilities and
issues earlier, and prioritize
based on impact to reduce
remediation costs.
Ensure
compliance
Continuously monitor for
compliance with regulatory
requirements, industry
standards and internal
policies.
See through the
noise
Conduct real-time traffic
analysis with automated AI
and machine learning
detection, and use
automated remediation to
stop attacks in real time.
Intelligent asset management
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM) & Filip Verloy (Noname Security)

  • 1. Advanced API Security Filip Verloy Field CTO, Noname Security Ricky Moorhouse Cloud Architect, API Connect, IBM
  • 2. API Security is a superhuman problem. It requires Machine Learning to solve. Learn more. The 2022 API Security Trends Report (whitepaper): 15,564 average number of production enterprise APIs; 76% of organizations experienced a security breach in the past year; 37 days per incident (27 days for discovery, 10 days for remediation).
  • 3. Security capabilities across the API lifecycle. [Diagram: API Lifecycle Security policy, Continuous Monitor] Development: Manage, Design, Test, Discover unmanaged. Secure at Runtime: Control access, Protect endpoint, Validate content, Limit rate. Analyze Behavior: Detect, Notify, Mediate / Stop attack, Predict. © 2023 IBM Corporation
  • 4. IBM API Connect powers digital applications by unlocking business data and assets as APIs IBM API Connect Socialize Empower application developers to explore and consume your APIs using branded self-service portals Secure Easily apply built-in and extensible policies to secure, control and mediate the delivery of APIs protecting data and business assets Create Automatically create APIs to expose data, microservices, enterprise applications, and SaaS services using open standards Manage Rapidly organize, publish and analyze any API through the full lifecycle from design to retire
  • 5. Gateway 5 IBM DataPower Gateway is an industry leading, high security gateway for modern, traditional and hybrid cloud workloads Secure Easily apply built-in and extensible policies to secure access to a full range of API, Mobile, Web, SOA, B2B, and Cloud workloads at all stages. Integrate Combine modern event-based and API workloads with traditional services with advanced protocol bridging and message transformation support. Control Protect applications from over utilization with traffic control and quota enforcements. Optimize Improve response times and throughput by controlling message traffic with application caching and advanced routing.
  • 6. IBM DataPower 6 Provide security, control, integration and optimized access to enterprise business process TLS Termination AAA Token exchange Message protection Message transform, rate limit & many others Harden capabilities in Gateway to make it an excellent Policy Enforcement Point
  • 7. IBM DataPower 7 Provide security, control, integration and optimized access to enterprise business process TLS Termination AAA Token exchange Message protection Message transform, rate limit & many others Harden capabilities in Gateway to make it an excellent Policy Enforcement Point Record ML Policy Decision Point Rules IP Cookie Header Query
  • 8. Detect and block API attacks with real-time traffic analysis powered by machine learning Uncover vulnerabilities and misconfigurations to speed remediation and ensure compliance Runtime API Security Posture Management Augment IBM API Connect & DataPower with Advanced API Security powered by Machine Learning Locate and inventory all of your APIs regardless of configuration Discovery Extend API Connect and DataPower (API Gateway)’s already powerful enterprise-grade performance and security with new Discovery, Posture Management and runtime Behavioral Threat Detection, powered by Noname Security. 8
  • 9. It is as easy as dropping a policy at the API assembly step 9
  • 10. Gateway Noname Advanced API Security Policy Noname Advanced API Security Policy How it Works – High Level Architecture API Consumers Protection Rules Analytics Records API definitions & Application Details API Call Information ML Policy Decision Point
  • 12. Rules
  • 15. | © Noname Security. All rights reserved 15 Deployment - SaaS SaaS Deployment
  • 16. | © Noname Security. All rights reserved 16 OnPrem Deployment
  • 18. Learn more 01 Explore the product 02 Explore the partnership 03 Visit the IBM booth Talk to an SME, see a demo, or check out a 10-minute SmartTalk 18 ibm.biz/api-security nonamesecurity.com/ibm
  • 20. IBM DataPower Internet Consumer Mobile Consumer Cloud Apps & Services Firewall / Load Balancer Application Application System z Mobile Application Server Application Provide security, control, integration and optimized access to enterprise business process TLS Termination AAA Token exchange Message protection Message transform, rate limit & many others Harden capabilities in Gateway to make it an excellent Policy Enforcement Point
  • 21. IBM DataPower Internet Consumer Mobile Consumer Cloud Apps & Services Firewall / Load Balancer Application Application System z Mobile Application Server Application Record ML Policy Decision Point Rules IP Cookie Header Query Provide security, control, integration and optimized access to enterprise business process TLS Termination AAA Token exchange Message protection Message transform, rate limit & many others
  • 22. IBM API Connect powers digital applications by unlocking business data and assets as APIs IBM API Connect Socialize Empower application developers to explore and consume your APIs using branded self-service portals Secure Easily apply built-in and extensible policies to secure, control and mediate the delivery of APIs protecting data and business assets Create Automatically create APIs to expose data, microservices, enterprise applications, and SaaS services using open standards Manage Rapidly organize, publish and analyze any API through the full lifecycle from design to retire
  • 23. IBM API Connect Interne t Consumer Mobile Consumer Cloud Apps & Services Firewall / Load Balancer Application Application System z Mobile Application Server Application Runtime api information API Definition(security, schema ..) Application information (credential ..) Provide a full life cycle API management solution
  • 24. IBM API Connect Interne t Consumer Mobile Consumer Cloud Apps & Services Firewall / Load Balancer Application Application System z Mobile Application Server Application Runtime api information API Definition(security, schema ..) Application information (credential ..) Provide a full life cycle API management solution ML Policy Decision Point IP Cookie Header Query Record Noname API Advanced Security Policy Noname API Advanced Security Policy Rules
  • 25. IBM API Connect powers digital applications by unlocking business data and assets as APIs API Management Socialize Empower application developers to explore and consume your APIs using branded self-service portals Secure Easily apply built-in and extensible policies to secure, control and mediate the delivery of APIs protecting data and business assets Create Automatically create APIs to expose data, microservices, enterprise applications, and SaaS services using open standards Manage Rapidly organize, publish and analyze any API through the full lifecycle from design to retire 2 © 2023 IBM Corporation
  • 26. Gateway 26 IBM DataPower Gateway is an industry leading, high security gateway for modern, traditional and hybrid cloud workloads Secure Easily apply built-in and extensible policies to secure access to a full range of API, Mobile, Web, SOA, B2B, and Cloud workloads at all stages. Integrate Combine modern event-based and API workloads with traditional services with advanced protocol bridging and message transformation support. Control Protect applications from over utilization with traffic control and quota enforcements. Optimize Improve response times and throughput by controlling message traffic with application caching and advanced routing.
  • 27. Noname Security extends the capabilities of IBM DataPower and IBM API Connect to enable organizations to provide advanced security of APIs throughout their lifecycle. Find API security issues faster Intelligently identify and prioritize potential vulnerabilities. Remediate manually, semi- automatically or fully- automatically. Discover the unmanaged Catch vulnerabilities and issues earlier, and prioritize based on impact to reduce remediation costs. Ensure compliance Continuously monitor for compliance with regulatory requirements, industry standards and internal policies. See through the noise Conduct real-time traffic analysis with automated AI and machine learning detection, and use automated remediation to stop attacks in real time. Intelligent asset management