apigee
DESCRIPTION
Standard API security approaches and best practices that harden your API security can ensure safe and secure operations. However, these approaches may not be enough to protect your backend from sophisticated data extrusion through API key attacks or low-and-slow data scraping that blends with your legitimate traffic. Enter data-driven security. This session at I Love APIs 2014 covered how your API data can help you gain insights into traffic anomalies and security/privacy abuse, and how you can mitigate risks using data-driven API security controls.
Citation preview
Data Driven API Security
Subra Kumaraswamy @subrak
Michael Russo
2
Don’t Let Your APIs get Naked!
3
What’s Keeping You Up at Night?
Key Theft
Man-in-the-Middle
4
Legacy design can also haunt you...
5
How APIs are Protected?
[Chart: OAuth, Quota, Rate Limit, Threat Protection]
Apigee Edge – Take Care of the Basics
6
Security & Identity Capabilities
Threat Protection
Traffic Protection
Backend Service
Apps
Security for API Consumption
Authentication & Authorization
TLS
Hide the Complexity of API Security
7
Backend Service
Authentication & Authorization
Identity Services
Logging & Auditing
Security Analytics
Authentication & Authorization
Secure API Exposure
TLS
Apps
Security & Identity Capabilities
Take Security away from Developers
8
Communication Security
Backend Service
Security for App Developers
Single Sign-On
Developers
TLS
Security & Identity Capabilities
Application Key Security
Configure and Not Code Security
9
Authentication & Authorization
Identity & Authentication
Data Masking
Logging & Auditing
Security for API Developers
Developers
API Team
TLS
RBAC
Security & Identity Capabilities
Apps
API Data Driven Approach
11
Am I Secure Now?
Security Policies Configured
12
Need to rethink the traditional coarse control security
12
Backend Service
Legitimate Traffic
API Bots
IP Blacklist
Apps
13
We need a new approach…
Continuous Data Driven API Threat Management
14
Activity Bursts
Anomalous Behavior Patterns
Data Scraping
Geo Location
Content Scraping
Information Theft
Bot
Analyze API Requests
Tag
Throttle
Block
Detect Anomalies
15
Apigee enables:
API security hygiene
Continuous data driven security that scales!
Thank you