APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jeremy Ventura (ThreatX)
0 likes40 views
APIs face significant security challenges due to their vulnerability and the rise of sophisticated multi-mode attacks. Real-time protection is crucial, as attackers use advanced techniques to exploit weaknesses, leading to potential data breaches affecting millions. Effective API security requires a shift in strategies, incorporating real-time analysis and blocking to defend against evolving threats.
APIsecure 2023 - The Importance of Real-Time Protection in API Security, Jeremy Ventura (ThreatX)
- 1. THE IMPORTANCE OF REAL-TIME PROTECTION IN API SECURITY Jeremy Ventura Field CISO
- 2. AGENDA Copyrights 2 The key challenges and risk associated with API Security Case Studies from ThreatX The importance of real-time blocking
- 3. APIS REPRESENT A TARGET RICH ENVIRONMENT • Thousands of APIs and endpoints with limited visibility • API vulnerabilities easily exposed and discoverable • Attackers continually leverage advanced techniques against APIs • Multi-mode attacks becoming the norm 3 Increased Usage = Increased Risk
- 4. APIS IN THE NEWS • Entity had access from November to January to an API • Data attained via API was done “without authorization” • Name, Address, Email, Phone, DoB, Account # • 37 million end users affected • More info to come but: • Lack of visibility? • Misconfiguration/Misuse? • Broken business logic? • Stolen Credentials? 4 Incidents & Breaches on the Rise
- 5. COMPLEXITY & AUTOMATION OF ATTACKS IS EVER INCREASING 5 • Hacking is easier than ever • Industrialized hacking tools • Rent-a-bot/Solver Services • Attack-as-a-Service • Residential proxies, anonymizers • Advanced attacks are far more coordinated • Security tools do not keep up Multi-mode attacks require a fundamental shift in protection strategies Traditional OWASP Top 10 Sophisticated, multi-mode attacks
- 6. THE THREAT OF MULTI-VECTOR ATTACKS 6 • Orchestrated attacks that span varied phases & techniques • Distributed IPs • Massive volumes • Diversionary tactics • Embedded, multi-step automation Disguise true attack through diversion, distraction & evasion
- 7. A WORD ABOUT BOTS 7 • Bot management critical, but must evolve with attacks • Current approaches best suited for high volume, binary attacks • Heavy reliance on static threat intel feeds • APIs present new challenges • No browser injections • No Captcha or IP challenges • Attacker profiling & behavioral context critical for protection against multi- mode attacks Bots present a new challenge to protecting APIs
- 8. TALES FROM THE THREATX SOC 8 • Large online retailer taking fire from multiple directions • Periodic mid-grade DDoS attacks • Increased login failure rates on web • High rate of rebate fraud • Goal: trigger BGP routing to bypass fraud protection for mobile APIs while the security team is distracted • Multiple best-of-breed technologies fail to identify & block attacks Attackers deploy multiple techniques to distract security & target APIs
- 9. TALES FROM THE THREATX SOC 9 • Gaming company launching new product • Attacker engaged foreign botnet to discover potentially vulnerable API endpoints • Later during product launch, attacker deployed large ATO attack while quietly attempting vulnerability exploits • Although rotating IPs and user agents, TLS signatures & IP fingerprints detected same attacker profile to block all suspicious behavior Tracking & correlating attacker behavior – to enable real-time protection
- 10. PROTECTING APIS STARTS WITH FOCUS ON THE ATTACKER 10 • Understanding attacker risk profile • Digital fingerprints to each unique attacker • Cumulative across multiple attack vectors • Continually evaluate risk & response • Behavioral fingerprints of an attack reveal patterns, techniques & targets Context of attack over time is key to protecting APIs
- 11. INSIGHT & CONTEXT THROUGH CROSS PLATFORM VISIBILITY 11 • Identify unique attacker executing campaigns across multiple methods and vectors • Correlate data over time to see through deception • Understanding behaviors and intentions • Biggest challenge = enabling effective response Correlating attack patterns to identify and mitigate API risk
- 12. BLOCKING API ATTACKS IN REAL TIME 12 • Observing attack data offline will not enable real-time protection of APIs • Often too late by the time an attack is discovered • Complexity required to identify attacks typically can’t be replicated in 3rd party firewall • Blocking single IP at a time • Responses must occur as the attack is underway – and based on insights gathered over time Real-time API protection key to defense
- 13. API PROTECTION: KEY CAPABILITIES 13 Real-time Analysis & Response • AI/ML/Context Engine • IP Interrogation & Fingerprinting • Active Deception • Tarpit/Rate Limiting • Attacker/User Behavior Analysis • Data Flow Analysis & Enforcement • Real-time Blocking 13 API Discovery & Analysis • API Discovery • API Specification Mgt • Endpoint Usage Analysis • Endpoint Attack Metrics • Endpoint Risk Scoring Fully Integrated Attack Prevention • API Protection • Web App Protection • DDoS Protection • Bot Mgt & Mitigation • Fraud Protection Flexible Deployment Options • Inline / Agentless • Inline / Agent-based • Out-of-Band / Agentless • Hosted, Cloud, On-Premise Managed Services • Managed Cloud Platform • Managed Threat Analysis • Managed Policy Enforcement • Managed Attack Response • APIs are under siege – by mixed-mode, high volume attacks, including bots and DDoS • API observability does not = real-time protection • API protection must deliver active, real-time attack blocking • API protection should have ability to extend to broader application portfolio Can’t block? Then you’re not protecting APIs.