WSO2 and Ping Identity Partner to Provide Comprehensive, AI-Powered Cyber-Attack Protection for APIs

June 2019 by Marc Jacob

The proliferation of APIs catalysed by digital transformation initiatives is viewed as a virtual goldmine by hackers, who are hijacking tokens, cookies and keys, as well as targeting weaknesses in individual APIs. And all too often, static security controls fail to stop these attacks. Now, WSO2 and Ping Identity have partnered to protect APIs against cyber-attacks by combining the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs with the robust policy-based controls in the open source WSO2 API Manager.

Through the partnership, WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE) module, which can be deployed in the WSO2 API Gateway. As a result, WSO2 API Manager users can apply AI-based security analysis and threat blocking to their APIs along with static policy-based security controls.

AI-Driven Security for API Management

“By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications,” observes Gartner in the report, How to Build an Effective API Security Strategy[1]. The report[2] further notes that, “A security strategy that manages access and protects systems from attack while still engaging digital ecosystems is essential to any API program.”

WSO2 API Manager, part of the WSO2 Integration Agile Platform, is the leading open source software for full API lifecycle management, monetisation, and policy enforcement. Designed for deployment on-premises, in the cloud, as a managed cloud service, or in hybrid environments, WSO2 API Manager offers several policy-based options for security and access control. These include OAuth 2.0 authentication and authorisation, API policy creation and enforcement, request and response validation, rate limiting, and the ability to set quotas, among others.

PingIntelligence for APIs is a leading solution for AI-powered API cybersecurity. By applying AI models to continuously inspect and report on all API activity, it automatically discovers anomalous API activity and threats across API infrastructures. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognise and stop emerging new threats that breach APIs while flying under the radar of foundational API security measures. The solution requires no policies or rules to be written, and it can recognise new and changing attacks.

Through the integrated functionality of PingIntelligence and WSO2 API Manager, organisations now have a complete solution for managing and protecting the APIs that drive their business. Examples of API attacks that can be reported and blocked using the integrated solution include attacks that use a valid user account to reverse engineer the API and breach other accounts to steal data—while looking like a normal user. Others include attacks that use stolen tokens, cookies, or API keys; attacks on login systems; remote application control; botnets scraping data; data exfiltration; API-specific denial of service/distributed denial of service (DoS/DDoS) attacks; as well as an array of attacks coming from authenticated users.

