Lack of API visibility is a top security concern at many enterprises today. APIs that operate in disconnected silos produce inconsistent analytics and decentralized security. API traffic metadata mining is the new gold rush. Learn how mining and analysing this untapped resource leads to richer API insights and stronger threat detection and blocking.
2. WHAT IS API TRAFFIC METADATA?
[Diagram: API clients on one side, API endpoints on the other; the API traffic flowing between them carries the metadata listed below.]
API traffic metadata answers, for every call:
• Which resource
• Which token
• Which cookie
• Where from
• How big
• Latency
• Content type
• Errors
• Over time:
o Sequence
o How many
o …
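The fields above can be derived from traffic you already have. The following is an added example (not code from the deck or from Ping Identity) that mines them from a constructed gateway access log: it normalises the path into a resource, replaces the bearer token with a short hash so the metadata store never becomes a credential store, flags errors, and builds the per-token "over time" view (sequence and count). The log layout and the field names are assumptions for the example.

```python
"""Mine API traffic metadata from gateway access-log lines (added example)."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample lines, not real traffic. Assumed layout:
#   <iso-ts> <client-ip> <method> <path> <status> <resp-bytes> <latency-ms> <content-type> <auth> <cookie>
# with <auth> either "Bearer:<token>" or "-" and <cookie> either "cookie" or "-".
SAMPLE_LOG = """\
2019-08-01T10:00:00Z 203.0.113.5 POST /v1/login 200 310 48 application/json - cookie
2019-08-01T10:00:01Z 203.0.113.5 GET /v1/accounts/42 200 812 35 application/json Bearer:tokA cookie
2019-08-01T10:00:02Z 203.0.113.5 GET /v1/accounts/42/transactions?page=1 200 4096 61 application/json Bearer:tokA cookie
2019-08-01T10:00:03Z 198.51.100.9 GET /v1/accounts/43 403 120 12 application/json Bearer:tokB -
2019-08-01T10:00:04Z 198.51.100.9 GET /v1/accounts/44 403 120 11 application/json Bearer:tokB -
malformed line that the miner must skip rather than crash on
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) "
    r"(?P<size>\d+) (?P<latency>\d+) (?P<ctype>\S+) (?P<auth>\S+) (?P<cookie>\S+)$"
)


@dataclass(frozen=True)
class ApiMetadata:
    ts: str
    resource: str        # path with ids collapsed, e.g. /v1/accounts/{id}
    token_id: str        # short hash of the bearer token, never the token itself
    has_cookie: bool
    source_ip: str
    size: int
    latency_ms: int
    content_type: str
    is_error: bool


def normalise_resource(path: str) -> str:
    """Collapse numeric and UUID-like path segments so calls group by resource, not by id."""
    path = path.split("?", 1)[0]
    segments = []
    for seg in path.split("/"):
        if seg.isdigit() or re.fullmatch(r"[0-9a-fA-F-]{20,}", seg):
            segments.append("{id}")
        else:
            segments.append(seg)
    return "/".join(segments)


def token_fingerprint(auth: str) -> str:
    """Stable, non-reversible identifier: lets sessions be correlated without storing the credential."""
    if not auth.startswith("Bearer:"):
        return "-"
    return hashlib.sha256(auth[len("Bearer:"):].encode()).hexdigest()[:12]


def parse_line(line: str):
    """Return an ApiMetadata record, or None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ApiMetadata(
        ts=m["ts"],
        resource=normalise_resource(m["path"]),
        token_id=token_fingerprint(m["auth"]),
        has_cookie=(m["cookie"] == "cookie"),
        source_ip=m["ip"],
        size=int(m["size"]),
        latency_ms=int(m["latency"]),
        content_type=m["ctype"],
        is_error=int(m["status"]) >= 400,
    )


def mine(log_text: str) -> list:
    """Parse every line, silently dropping the ones that do not fit."""
    return [r for r in (parse_line(l) for l in log_text.splitlines()) if r]


def per_token_sequence(records) -> dict:
    """The 'over time' view: ordered resource sequence and call count per token."""
    seq = defaultdict(list)
    for r in sorted(records, key=lambda r: r.ts):
        seq[r.token_id].append(r.resource)
    return {t: {"sequence": s, "count": len(s)} for t, s in seq.items()}


if __name__ == "__main__":
    for rec in mine(SAMPLE_LOG):
        print(rec)
    print(per_token_sequence(mine(SAMPLE_LOG)))
```

The token hash is the one deliberate design choice here: the deck's "which token" field is needed to correlate calls into sessions and to block a compromised token later, but storing raw tokens in a central data lake would turn the lake into a high-value target; a hash gives the same correlation without that risk.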
6. BLINDSPOT – THE APIS NOT ON YOUR RADAR
[Diagram: the organization's APIs, with old forgotten versions and shadow APIs sitting outside what the security team tracks.]
“We’re not confident our security team knows about all of the APIs that exist in our organization.”
- 51% of respondents, Ping Identity IDENTIFY 2018 Survey
Gartner: “Discover Your APIs Before Attackers Discover Them”
- Aug’19 API Security Report
7. BLINDSPOT – API SILOS
APIs are deployed across heterogeneous stacks and environments, each providing separate visibility and governance.
[Diagram: the organization's APIs split across separate API silos.]
10. HACKERS KNOW ABOUT YOUR APIS
Your API is either well documented or easily reverse-engineered
11. HACKERS USE YOUR API OUTSIDE OF YOUR APP
[Diagram: the app user reaches the API and its data service through your app; the hacker reaches the same API and data service directly with their own tools, skipping the app.]
• Client-side rules skipped
• Unexpected and untested-for API abuse scenarios
• Freedom to poke around and find vulnerabilities
• More blindspots
YOUR API CAN’T TELL THE DIFFERENCE
15. EFFECTIVE API VS API CATALOGUES
[Diagram: API management holds the API catalogue; API traffic metadata reveals the “effective” APIs, the ones actually being called.]
16. API METADATA ACROSS API SILOS
Aggregate in a centralized data lake.
Tapping wide, collect from every layer that already sees API traffic:
– API Gateways
– Load-balancers
– Cloud fronts
– Inline
– Service Filters
17. TAPPING DEEP
A sideband API for collecting API traffic metadata.
[Diagram: a metadata collection point at the downstream microservice or mesh layer, with metadata collected sideband rather than on the request path.]
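One concrete form of the collection point on slide 17 is a thin middleware in the service itself. The following is an added example (not Ping Identity's product or the deck's code) of a WSGI middleware that records the metadata fields from slide 2 for every request and hands them to a sink, without ever reading a request or response body. The sink, the sample app and the request environment are constructed for the example; in a real deployment the sink would ship records to the central data lake from slide 16.

```python
"""Sideband API traffic metadata tap as WSGI middleware (added example)."""
import hashlib
import time


def _token_fingerprint(auth_header: str) -> str:
    """Stable, non-reversible token id, so the metadata store is not a second credential store."""
    parts = auth_header.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return "-"
    return hashlib.sha256(parts[1].encode()).hexdigest()[:12]


class MetadataTap:
    """Wraps a WSGI app and records who/what/where-from/how-big/how-long/status per call.
    It counts response bytes as they stream past but never buffers or inspects them."""

    def __init__(self, app, sink):
        self.app = app
        self.sink = sink  # callable receiving one dict per request (assumed interface)

    def __call__(self, environ, start_response):
        started = time.perf_counter()
        # X-Forwarded-For is only trustworthy when your own load-balancer sets it;
        # otherwise REMOTE_ADDR is the honest answer to "where from".
        forwarded = environ.get("HTTP_X_FORWARDED_FOR")
        meta = {
            "method": environ.get("REQUEST_METHOD", "GET"),
            "resource": environ.get("PATH_INFO", "/"),
            "source_ip": forwarded.split(",")[0].strip() if forwarded else environ.get("REMOTE_ADDR", "-"),
            "token_id": _token_fingerprint(environ.get("HTTP_AUTHORIZATION", "")),
            "has_cookie": "HTTP_COOKIE" in environ,
            "request_size": int(environ.get("CONTENT_LENGTH") or 0),
            "status": 500,          # overwritten once the app calls start_response
            "content_type": "-",
        }

        def tapped_start_response(status, headers, exc_info=None):
            meta["status"] = int(status.split(" ", 1)[0])
            meta["content_type"] = next((v for k, v in headers if k.lower() == "content-type"), "-")
            return start_response(status, headers, exc_info)

        result = self.app(environ, tapped_start_response)

        def counted():
            size = 0
            try:
                for chunk in result:
                    size += len(chunk)  # size only; the bytes are passed straight through
                    yield chunk
            finally:
                if hasattr(result, "close"):
                    result.close()
                meta["response_size"] = size
                meta["latency_ms"] = round((time.perf_counter() - started) * 1000, 3)
                meta["is_error"] = meta["status"] >= 400
                self.sink(meta)  # emitted after the response has streamed, off the request path

        return counted()


def sample_app(environ, start_response):
    """Constructed stand-in for a downstream microservice."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"account": 42, "balance": 1234}']


def demo():
    """Run one constructed request through the tap; returns (metadata record, response body)."""
    records = []
    app = MetadataTap(sample_app, records.append)
    environ = {
        "REQUEST_METHOD": "GET",
        "PATH_INFO": "/v1/accounts/42",
        "REMOTE_ADDR": "10.0.0.7",
        "HTTP_X_FORWARDED_FOR": "203.0.113.5",
        "HTTP_AUTHORIZATION": "Bearer tokA",
        "HTTP_COOKIE": "session=abc",
        "CONTENT_LENGTH": "0",
    }

    def start_response(status, headers, exc_info=None):
        return None

    body = b"".join(app(environ, start_response))  # consuming the response triggers the tap
    return records[0], body


if __name__ == "__main__":
    print(demo()[0])
```

Because the record is emitted from the generator's `finally` block, it is produced even when the app raises mid-stream, and it costs the request path nothing beyond a byte count and a clock read, which is the "no heavy lifting" claim made on slide 21.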
20. MITIGATE PERSISTING RISKS BY LEVERAGING MACHINE LEARNING
MODEL
• Learn from API traffic
• Build models: API traffic from legit apps
DETECT
• Inspect runtime traffic
• Look for deviations from the model
BLOCK
• Block compromised tokens
• Notify/alert
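The model/detect/block loop above, as an added example that is not the deck's or Ping Identity's implementation. It uses the simplest model that captures the slide 2 fields: the set of resources and resource-to-resource transitions seen in legitimate app sessions, the peak calls per minute, and the error ratio. Runtime sessions that reach unknown resources, follow an unseen call sequence, exceed the learned rate, or fail far more often than the app does are flagged, and their tokens go on a blocklist. The traffic, the thresholds (rate headroom of 2x, error-ratio floor of 0.2) and the helper names are constructed for the example; a production model would be learned from far more traffic than two sessions.

```python
"""Model legitimate API traffic, detect deviations, block tokens (added example)."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Call:
    ts: float        # epoch seconds
    token_id: str    # fingerprint of the bearer token, not the token itself
    resource: str    # normalised path, e.g. /v1/accounts/{id}
    status: int


@dataclass
class TrafficModel:
    resources: set = field(default_factory=set)
    transitions: set = field(default_factory=set)   # (previous resource, next resource) pairs
    rate_limit: int = 0                              # peak calls per minute tolerated
    error_ratio_limit: float = 0.0


def _sessions(calls):
    """Group calls by token in time order."""
    by_token = defaultdict(list)
    for c in sorted(calls, key=lambda c: c.ts):
        by_token[c.token_id].append(c)
    return by_token


def _peak_per_minute(seq):
    """Largest number of calls in any sliding 60-second window."""
    ts = [c.ts for c in seq]
    best, j = 0, 0
    for i in range(len(ts)):
        while j < len(ts) and ts[j] < ts[i] + 60:
            j += 1
        best = max(best, j - i)
    return best


def _error_ratio(seq):
    return sum(c.status >= 400 for c in seq) / len(seq)


def build_model(legit_calls, rate_headroom=2.0, min_error_ratio=0.2):
    """MODEL: learn what traffic from the legitimate app looks like (thresholds are assumptions)."""
    m, peak, err = TrafficModel(), 0, 0.0
    for seq in _sessions(legit_calls).values():
        res = [c.resource for c in seq]
        m.resources.update(res)
        m.transitions.update(zip(res, res[1:]))
        peak = max(peak, _peak_per_minute(seq))
        err = max(err, _error_ratio(seq))
    m.rate_limit = int(peak * rate_headroom)
    m.error_ratio_limit = max(err, min_error_ratio)
    return m


def detect(model, runtime_calls):
    """DETECT: per token, list every way the session deviates from the model."""
    findings = {}
    for token, seq in _sessions(runtime_calls).items():
        res, reasons = [c.resource for c in seq], []
        unknown = sorted(set(res) - model.resources)
        if unknown:
            reasons.append(f"unknown resources {unknown}")
        novel = sorted(set(zip(res, res[1:])) - model.transitions)
        if novel:
            reasons.append(f"unseen call sequence {novel}")
        peak = _peak_per_minute(seq)
        if peak > model.rate_limit:
            reasons.append(f"{peak} calls/min exceeds {model.rate_limit}")
        ratio = _error_ratio(seq)
        if ratio > model.error_ratio_limit:
            reasons.append(f"error ratio {ratio:.2f} exceeds {model.error_ratio_limit:.2f}")
        if reasons:
            findings[token] = reasons
    return findings


class TokenBlocklist:
    """BLOCK: deny flagged tokens and keep the alert text for notification."""

    def __init__(self):
        self._blocked, self.alerts = set(), []

    def block(self, findings):
        for token, reasons in findings.items():
            self._blocked.add(token)
            self.alerts.append(f"blocked token {token}: " + "; ".join(reasons))

    def allows(self, token):
        return token not in self._blocked


def _session(token, t0, steps):
    return [Call(t0 + dt, token, r, s) for dt, r, s in steps]


# Constructed traffic. The legitimate app always logs in, loads the profile, then one account and its transactions.
APP_FLOW = [(0, "/v1/login", 200), (2, "/v1/me", 200),
            (5, "/v1/accounts/{id}", 200), (9, "/v1/accounts/{id}/transactions", 200)]
LEGIT = _session("tokA", 1000.0, APP_FLOW) + _session("tokB", 2000.0, APP_FLOW)
# tokC behaves like the app; tokD skips the app, enumerates account ids straight after login
# (mostly 403s) and then probes an endpoint the app never calls.
RUNTIME = _session("tokC", 3000.0, APP_FLOW) + _session(
    "tokD", 4000.0,
    [(0, "/v1/login", 200)]
    + [(0.3 * i, "/v1/accounts/{id}", 403) for i in range(1, 29)]
    + [(9.0, "/v1/admin/users", 404)],
)


def run_demo():
    model = build_model(LEGIT)
    findings = detect(model, RUNTIME)
    blocklist = TokenBlocklist()
    blocklist.block(findings)
    return model, findings, blocklist


if __name__ == "__main__":
    _, found, bl = run_demo()
    print(found)
    print("\n".join(bl.alerts))
```

Note what makes tokD detectable even though every individual request is a well-formed, authenticated API call the handler would happily serve: only the metadata across calls (sequence, rate, error ratio, an unexpected resource) separates it from the app, which is the point slide 11 makes with "your API can't tell the difference".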
21. API TRAFFIC METADATA IS PRECIOUS AND UNDERUTILIZED
API Visibility
– Effective API visibility
– De-siloed and enriched insights
Security posture
– ML-based attack prediction and remediation
Legal
– Metadata is the electronic equivalent of DNA
Deriving metadata from your existing API traffic requires no heavy lifting.
22. YOU CAN’T PROTECT WHAT YOU CAN’T SEE.
Gain deeper insights into API activity to reveal hidden traffic and vulnerabilities.
Take a closer look. Get rewarded.
Learn more & sign up at www.pingidentity.com/RevealHiddenAPITraffic
Win an Arlo camera!