Data-driven API Security
Data Driven API Security
Subra Kumaraswamy @subrak
Michael Russo
Don’t Let Your APIs get Naked!
What’s Keeping You Up at Night?
Key Theft
Man-in-the-Middle
Legacy design can also haunt you…
How Are APIs Protected?
[Chart: OAuth, Quota, Rate Limit, Threat Protection (axis 0 to 90)]
Apigee Edge – Take Care of the Basics
Security & Identity Capabilities
Threat Protection
Traffic Protection
Backend Service
Apps
Security for API Consumption
Authentication & Authorization
TLS
Hide the Complexity of API Security
Backend Service
Authentication & Authorization
Identity Services
Logging & Auditing
Security Analytics
Authentication & Authorization
Secure API Exposure
TLS
Apps
Security & Identity Capabilities
Take Security away from Developers
Communication Security
Backend Service
Security for App Developers
Single Sign-On
Developers
TLS
Security & Identity Capabilities
Application Key Security
Configure and Not Code Security
Authentication & Authorization
Identity & Authentication
Data Masking
Logging & Auditing
Security for API Developers
Developers
API Team
TLS
RBAC
Security & Identity Capabilities
Apps
API Data Driven Approach
Am I Secure Now?
Security Policies Configured
Need to rethink traditional coarse-grained security controls
Backend Service
Legitimate Traffic
API Bots
IP Blacklist
Apps
We need a new approach…
Continuous Data Driven API Threat Management
Activity Bursts
Anomalous Behavior Patterns
Data Scraping
Geo Location
Content Scraping
Information Theft
Bot
Analyze API Requests
Tag
Throttle
Block
Detect Anomalies
Apigee enables:
API security hygiene
Continuous data driven security that scales!
Thank you