Freely subscribe to our NEWSLETTER

Through the partnership, WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE) module, which can be deployed in the WSO2 API Gateway. As a result, WSO2 API Manager users can apply AI-based security analysis and threat blocking to their APIs along with static policy-based security controls.

Additionally, WSO2 and Ping Identity will co-host a webinar to discuss how enterprises can protect their API infrastructure from advanced attacks by leveraging the power of machine learning and AI in conjunction with API management. The event will be held on June 20, 2019 and 10:00 a.m. Pacific Daylight Time. To learn more and register, visit https://wso2.com/library/webinars/2019/06/protecting-api-infrastructures-an-ai-powered-solution-from-ping-identity-and-wso2.

AI-Driven Security for API Management

“By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications,” observes Gartner in the report, How to Build an Effective API Security Strategy[1]. The report[2] further notes that, “A security strategy that manages access and protects systems from attack while still engaging digital ecosystems is essential to any API program.”

WSO2 API Manager, part of the WSO2 Integration Agile Platform, is the leading open source software for full API lifecycle management, monetisation, and policy enforcement. Designed for deployment on-premises, in the cloud, as a managed cloud service, or in hybrid environments, WSO2 API Manager offers several policy-based options for security and access control. These include OAuth 2.0 authentication and authorisation, API policy creation and enforcement, request and response validation, rate limiting, and the ability to set quotas, among others.

PingIntelligence for APIs is a leading solution for AI-powered API cybersecurity. By applying AI models to continuously inspect and report on all API activity, it automatically discovers anomalous API activity and threats across API infrastructures. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognise and stop emerging new threats that breach APIs while flying under the radar of foundational API security measures. The solution requires no policies or rules to be written, and it can recognise new and changing attacks.

Through the integrated functionality of PingIntelligence and WSO2 API Manager, organisations now have a complete solution for managing and protecting the APIs that drive their business. Examples of API attacks that can be reported and blocked using the integrated solution include attacks that use a valid user account to reverse engineer the API and breach other accounts to steal data—while looking like a normal user. Others include attacks that use stolen token, cookies, or API keys; attacks on login systems; remote application control; botnets scraping data; data exfiltration; API-specific denial of service/distributed denial of service (DoS/DDoS) attacks, as well as an array of attacks coming from authenticated users.

[1] Gartner, “How to Build an Effective API Security Strategy,” by Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, December 8, 2017.

[2] Gartner, “How to Build an Effective API Security Strategy” December 8, 2017.