PingIntelligence for APIs Now Integrates with IBMâ€™s API Connect and DataPower Gateway to Provide Advanced AI-powered API Threat Detection and Blocking
Ping Identity, the leader in Identity Defined Security, announced that its AI-powered API security solution, PingIntelligence for APIs, now tightly integrates with IBMâ€™s API Connect and DataPower Gateway to provide IBM customers advanced cyber protection for their API infrastructures.
Security breaches that originate at the API levelâ€”like those announced by Facebook, Google and USPS most recently (see Forbes article) â€” can take months or even years to be detected. The problem is perpetuated by security and IT professionalsâ€™ lack of visibility into their API infrastructure activity. Â According to a recent Ping Identity survey, nearly half (45 percent) of those entrusted with API security lack confidence in their ability to detect malicious API activity, and 51 percent question if they even know about all of the APIs in their organizations.
When evaluating the attack surface presented by your APIs, bad actors might find a number of ways to gain access. But their efforts generally follow four patterns:
- Login Attacks – Attacks on login and authentication systems are a natural starting point as they’re difficult to detect and stop with existing API security solutions. Bad actors attempt to find a “way in” to access the digital resources linked to APIs by using brute force and automated credential stuffing attacks.
- DoS and DDoS Attacks â€“ An API DDoS attack typically involves sending traffic from multiple clients to overload an API service. Hackers most often execute these attacks using botnets trained to detect and stay under rate-limiting controls to maximize effectivenessâ€”while rendering all existing DoS/DDoS protection solutions useless.
- Application and Data Attacks â€“ Phishing, malware and man-in-the-middle attacks are often used to trick users into connecting to a compromised system, which then captures their tokens, credentials and API keys. The hacker, posing as the authenticated user, is then able to gain access to API services unbeknownst to the API management system. Since APIs expose a range of functions, attackers can subsequently engage in data extraction or theft, data deletion or manipulation, account takeover, data injection into an application service, malicious code injection into an application service, remote application or system control, or other application and data attacks.
- API Take-Over Attacks â€“ These attacks use a valid account for a social site, a bank, an insurance company, a healthcare provider or other services to gain access to the APIs with the objective to reverse engineer them and find a vulnerability that they can exploit to gain access to most other accounts. This is the attack type that has been used successfully in almost all recent public breaches.
Using AI to provide real-time intelligence on how each API is accessed and used, PingIntelligence for APIs helps enterprises:
- Identify API misuse and abuseâ€”whether internal or external
- Detect, report and block anomalous behaviors and attacks such as API takeovers that steal data and private information
- Discover and secure new APIs
The tight integration of PingIntelligence with the API Connect/DataPower Gateway from IBM brings AI-based cybersecurity protection to IBM customersâ€™ APIs. The Ping solution detects and reports anomalous behavior and cyberattacks on each API under its watch. Once detected, the attack information is shared with the API Connect/DataPower gateway for automated blocking. These include attacks on login systems, data theft, remote application control, API-specific DoS/DDoS attacks, stolen credential attacks, data exfiltration over extended periods of time, content scraping and more. The integrated solution provides cluster-based scalability, as well as support for multi-cloud and hybrid deployments.
â€śSecurity and IT leaders are being challenged to protect their enterprisesâ€™ API infrastructures,â€ť said Bernard Harguindeguy (@bernardharguindeguy), CTO, Ping Identity. â€śThe integration of PingIntelligence for APIs with IBM API Connect and DataPower Gateway gives these professionals the most advanced and robust AI-powered API security available today, so they can secure their environments against the new generation of cyberattacks that target APIs.â€ť
Ozair Sheikh (@ozairsheikh), Program Director, APIs and Gateway for IBM, adds, â€śThe partnership between IBM and Ping Identity delivers the next-level of threat detection and blocking to IBM API Connect customers. Weâ€™re pleased to offer this integration to our customers to help secure their APIs, enabling them to confidently expose their APIs to consumers and partners without worrying about security and data exposures.â€ť
To understand more about IBMâ€™s thoughts on Digital Business and the API Economy visit the IBM API Economy website.Â IBM API Connect is IBMâ€™s complete foundation to Create, Secure, Manage, Test, and Monitor APIs.Â You can find more information about IBM API Connect at the API Connect website.Â And you can also experience a trial version of API Connect.
Ping Identity envisions a digital world powered by intelligent identity. We help enterprises achieve Zero Trust identity-defined security and more personalized, streamlined user experiences. The Ping Intelligent Identity Platform provides customers, employees and partners with access to cloud, mobile, SaaS and on-premises applications and APIs, while also managing identity and profile data at scale. Over half of the Fortune 100 choose Ping Identity for our identity expertise, open standards leadership, and partnership with companies including IBM, Microsoft, Amazon and Google. We provide flexible options to extend hybrid IT environments and accelerate digital business initiatives with multi-factor authentication, single sign-on, access management, intelligent API security, directory and data governance capabilities. Visit www.pingidentity.com.Â You can request a trial for PingIntelligence for APIs here and to learn more about how Ping Identity is helping enterprises secure their APIs against cyberattacks, visit the API Cybersecurity page.