And all too often, static security controls fail to stop these attacks. Now, WSO2 and Ping Identity have partnered to protect APIs against cyber-attacks by combining the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs with the robust policy-based controls in the open source WSO2 API Manager.

Through the partnership, WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE) module, which can be deployed in the WSO2 API Gateway. As a result, WSO2 API Manager users can apply AI-based security analysis and threat blocking to their APIs along with static policy-based security controls.

Additionally, WSO2 and Ping Identity will co-host a webinar to discuss how enterprises can protect their API infrastructure from advanced attacks by leveraging the power of machine learning and AI in conjunction with API management. The event will be held on June 20, 2019 and 10:00 a.m. Pacific Daylight Time. To learn more and register, visit https://wso2.com/library/webinars/2019/06/protecting-api-infrastructures-an-ai-powered-solution-from-ping-identity-and-wso2.

AI-Driven Security for API Management

“By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications,” observes Gartner in the report, How to Build an Effective API Security Strategy¹. The report² further notes that, “A security strategy that manages access and protects systems from attack while still engaging digital ecosystems is essential to any API program.”

WSO2 API Manager, part of the WSO2 Integration Agile Platform, is the leading open source software for full API lifecycle management, monetisation, and policy enforcement. Designed for deployment on-premises, in the cloud, as a managed cloud service, or in hybrid environments, WSO2 API Manager offers several policy-based options for security and access control. These include OAuth 2.0 authentication and authorisation, API policy creation and enforcement, request and response validation, rate limiting, and the ability to set quotas, among others.

PingIntelligence for APIs is a leading solution for AI-powered API cybersecurity. By applying AI models to continuously inspect and report on all API activity, it automatically discovers anomalous API activity and threats across API infrastructures. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognise and stop emerging new threats that breach APIs while flying under the radar of foundational API security measures. The solution requires no policies or rules to be written, and it can recognise new and changing attacks.

Through the integrated functionality of PingIntelligence and WSO2 API Manager, organisations now have a complete solution for managing and protecting the APIs that drive their business. Examples of API attacks that can be reported and blocked using the integrated solution include attacks that use a valid user account to reverse engineer the API and breach other accounts to steal data—while looking like a normal user. Others include attacks that use stolen token, cookies, or API keys; attacks on login systems; remote application control; botnets scraping data; data exfiltration; API-specific denial of service/distributed denial of service (DoS/DDoS) attacks, as well as an array of attacks coming from authenticated users.

“Ping Identity’s alliance with WSO2 extends our commitment to expanding our API security ecosystem,” said Bernard Harguindeguy, CTO, Ping Identity. “The advanced API security we deliver via PingIntelligence for APIs’ machine learning and artificial intelligence provides a strong complement to WSO2 API Manager in supporting the cybersecurity needs of today’s API-driven enterprises.”

“As more organisations implement internal and external API strategies to drive their digital transformation, APIs are becoming attractive targets for hackers,” said Paul Fremantle, co-founder and CTO at WSO2. “By integrating the extensive API management and control functionality of WSO2 API Manager with the AI-powered security of PingIntelligence for APIs, we can ensure that enterprises are well-equipped to detect and block attacks on their APIs—whether on-premises, across devices, or in the cloud.”
 

^{1. Gartner, “How to Build an Effective API Security Strategy,” by Mark O'Neill, Dionisio Zumerle, Jeremy D'Hoinne, December 8, 2017.
2. Gartner, “How to Build an Effective API Security Strategy” December 8, 2017.}