SecurityWeek


Applying AI to API Security

While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs.

It is hard to go anywhere in the security profession these days without the topic of artificial intelligence (AI) coming up. Indeed, AI is a popular topic.  Like many popular topics, there is quite a bit of buzz and hype around it. All of a sudden, it seems that everyone you meet is leveraging AI in a big way.

As you can imagine, this creates quite a bit of fog around the topic of AI. In particular, it can be difficult to understand when AI can add value and when it is merely being used for its buzz and hype. Beyond buzz and hype, however, how can we know when AI is being leveraged in a useful way to creatively solve problems?

In my experience, AI works best when applied to specific problems. In other words, AI needs to be carefully, strategically, and methodically leveraged in order to tackle certain problems that suit it.  While there are many such problems, API security is one such problem that I’ve experienced AI producing good results for.

Let’s take a look at five ways in which AI can be leveraged to improve API security:

  1. API discovery: AI can be leveraged to study request and response data for APIs.  Behavioral analysis can be performed to discover previously unknown API endpoints.  Once discovered, these previously unknown APIs can be included in asset inventory, asset management, security policy, and security monitoring activities.  In this way, API discovery is an important contributor to overall API security.
  2. Schema enforcement/access control: As AI studies request and response data for APIs, there are other benefits beyond API discovery. Schemas for specific API endpoints can be learned and then enforced, and subsequent departures from learned schemas can be observed and then mitigated. Functions can be generated that accurately fit metrics such as request size and response size, latency with and without data, request rate and error rate, response throughput, and others. Subsequent departures from these metrics can also be observed and then mitigated. This provides improved access control capabilities across API endpoints. The ability to enforce schemas and to improve access control is another important contributor to overall API security.
  3. Exposure of sensitive data: Yet another benefit to AI studying request and response data for APIs is the ability to identify sensitive data in transit.  This includes the detection and flagging of Personally Identifiable Information (PII) that is being exposed.  The exposure of sensitive data, including PII, is a big risk for most enterprises.  Improving the ability to detect and mitigate the exposure of sensitive data improves overall API security.
  4. Layer 7 DDoS protection: While most enterprises have DDoS protection at layers 3 and 4, they may not have it at layer 7.  With APIs, layer 7 is where the bulk of the action is.  Thus, AI can be leveraged to help protect API endpoints from the misuse and abuse that can happen at layer 7.  AI can be applied to analyze metrics and log data collected from an enterprise’s API endpoints.  The visibility generated by this continuous analysis and baselining of API endpoint behavior provides insights and alerting on anomalies, which can then be used to generate layer 7 protection policies.  Improved layer 7 DDoS protection means improved API security.
  5. Malicious user detection: Malicious users, or clients, pose a significant risk to most enterprises.  All client interactions, including those with API endpoints, can be analyzed for the enterprise over time, and outliers can be identified.  Then, each client can be given a risk score based on all of their interactions with specific API endpoints.  Based on each client’s specific activities, the client’s threat level will rise or fall over time.  Policies and processes can be put in place to define how these malicious users/clients are handled.  This opens up yet another path to improved API security.
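To make item 2 concrete, the following added example (not from the article or any vendor product) learns a per-endpoint profile from observed request bodies and then reports departures from it. It uses a deliberately simple statistical stand-in for the learned model; the endpoint, field names and sample traffic are constructed assumptions.

```python
import json
import statistics
from collections import defaultdict

# Constructed sample traffic for a hypothetical endpoint POST /v1/orders.
OBSERVED = [
    '{"sku": "A-100", "qty": 1, "coupon": null}',
    '{"sku": "B-220", "qty": 3}',
    '{"sku": "C-310", "qty": 2, "coupon": "SPRING"}',
    '{"sku": "A-100", "qty": 5}',
]

def learn_profile(bodies):
    """Learn field types, always-present fields and a body-size baseline."""
    types, seen_in, sizes = defaultdict(set), defaultdict(int), []
    for raw in bodies:
        doc = json.loads(raw)
        sizes.append(len(raw))
        for key, value in doc.items():
            types[key].add(type(value).__name__)
            seen_in[key] += 1
    required = {k for k, n in seen_in.items() if n == len(bodies)}
    return {"types": dict(types), "required": required,
            "size_mean": statistics.mean(sizes),
            "size_stdev": statistics.pstdev(sizes)}

def check_request(profile, raw, z_limit=3.0):
    """Return the departures from the learned profile (empty list = conforms)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return ["body is not a JSON object"]
    findings = [f"missing required field: {k}"
                for k in sorted(profile["required"] - set(doc))]
    for key, value in doc.items():
        seen = type(value).__name__
        if key not in profile["types"]:
            findings.append(f"unknown field: {key}")
        elif seen not in profile["types"][key]:
            findings.append(f"type change on {key}: {seen}")
    spread = max(profile["size_stdev"], 1.0)  # floor avoids divide-by-zero
    if abs(len(raw) - profile["size_mean"]) / spread > z_limit:
        findings.append("request size outside learned baseline")
    return findings

PROFILE = learn_profile(OBSERVED)
```

In enforcement mode the findings list would drive a block or alert decision; in learning mode it would only be logged until the profile stabilizes.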
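The per-client risk score from item 5, which rises and falls over time, can be sketched as follows. This is an added example, not code from the article: it flags clients whose error rate is an outlier among their peers in each time window (modified z-score on median and MAD) and decays the score when the client behaves normally. The client names, counts, decay factor and penalty are constructed assumptions.

```python
import statistics

# Constructed per-window counts: client -> (requests, 4xx/5xx responses).
WINDOWS = [
    {"c1": (100, 2), "c2": (120, 3), "c3": (90, 1), "c4": (110, 60)},
    {"c1": (105, 1), "c2": (115, 2), "c3": (95, 2), "c4": (100, 55)},
    {"c1": (98, 2), "c2": (130, 4), "c3": (92, 1), "c4": (108, 3)},
]

def robust_z(values):
    """Modified z-score using median and MAD, which a single outlier cannot skew."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 1e-9
    return [0.6745 * (v - med) / mad for v in values]

def score_clients(windows, decay=0.5, z_limit=3.5, penalty=50.0):
    """Return the score table after each window; scores are capped at 100."""
    scores, history = {}, []
    for window in windows:
        clients = sorted(window)
        # Error rate per client; max() guards against an empty window entry.
        rates = [window[c][1] / max(window[c][0], 1) for c in clients]
        for client, z in zip(clients, robust_z(rates)):
            prior = scores.get(client, 0.0) * decay  # old behaviour fades
            bump = penalty if z > z_limit else 0.0   # outlier raises the score
            scores[client] = min(100.0, prior + bump)
        history.append(dict(scores))
    return history

HISTORY = score_clients(WINDOWS)
```

Here `c4` is an outlier in the first two windows and normal in the third, so its score climbs and then decays while the other clients stay at zero.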

Both AI and API security are top of mind for most security professionals these days.  While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs.  Not surprisingly, like many technologies, AI works best when applied to specific problems that suit it.  In my experience, API security happens to be one of those problems.  By carefully, strategically, and methodically applying AI to API security, enterprises can improve their overall security postures.


Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
