Applying AI to API Security

It is hard to go anywhere in the security profession these days without the topic of artificial intelligence (AI) coming up. Indeed, AI is a popular topic.  Like many popular topics, there is quite a bit of buzz and hype around it. All of a sudden, it seems that everyone you meet is leveraging AI in a big way.

As you can imagine, this creates quite a bit of fog around the topic of AI. In particular, it can be difficult to understand when AI can add value and when it is merely being used for its buzz and hype. Beyond buzz and hype, however, how can we know when AI is being leveraged in a useful way to creatively solve problems?

In my experience, AI works best when applied to specific problems. In other words, AI needs to be carefully, strategically, and methodically leveraged in order to tackle certain problems that suit it.  While there are many such problems, API security is one such problem that I’ve experienced AI producing good results for.

Let’s take a look at five ways in which AI can be leveraged to improve API security:

1. API discovery: AI can be leveraged to study request and response data for APIs.  Behavioral analysis can be performed to discover previously unknown API endpoints.  Once discovered, these previously unknown APIs can be included in asset inventory, asset management, security policy, and security monitoring activities.  In this way, API discovery is an important contributor to overall API security.
2. Schema enforcement/access control: As AI studies request and response data for APIs, there are other benefits beyond API discovery.  Schemas for specific API endpoints can be learned and then enforced, and subsequent departures from learned schemas can be observed and then mitigated.  Functions can be generated that accurately fit metrics such as request size and response size, latency with and without data, request rate and error rate, response throughput, and others.  Subsequent departures from these metrics can also be observed and then mitigated.  This provides improved access control capabilities across API endpoints  The ability to enforce schemas and to improve access control is another important contributor to overall API security.
3. Exposure of sensitive data: Yet another benefit to AI studying request and response data for APIs is the ability to identify sensitive data in transit.  This includes the detection and flagging of Personally Identifiable Information (PII) that is being exposed.  The exposure of sensitive data, including PII, is a big risk for most enterprises.  Improving the ability to detect and mitigate the exposure of sensitive data improves overall API security.
4. Layer 7 DDoS protection: While most enterprises have DDoS protection at layers 3 and 4, they may not have it at layer 7.  With APIs, layer 7 is where the bulk of the action is.  Thus, AI can be leveraged to help protect API endpoints from the misuse and abuse that can happen at layer 7.  AI can be applied to analyze metrics and log data collected from an enterprise’s API endpoints.  The visibility generated by this continuous analysis and baselining of API endpoint behavior provides insights and alerting on anomalies, which can then be used to generate layer 7 protection policies.  Improved layer 7 DDoS protection means improved API security.
5. Malicious user detection: Malicious users, or clients, pose a significant risk to most enterprises.  All client interactions, including those with API endpoints, can be analyzed for the enterprise over time, and outliers can be identified.  Then, each client can be given a risk score based on all of their interactions with specific API endpoints.  Based on each client’s specific activities, the client’s threat level will rise or fall over time.  Policies and processes can be put in place to define how these malicious users/clients are handled.  This opens up yet another path to improved API security.

Both AI and API security are top of mind for most security professionals these days.  While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs.  Not surprisingly, like many technologies, AI works best when applied to specific problems that suit it.  In my experience, API security happens to be one of those problems.  By carefully, strategically, and methodically applying AI to API security, enterprises can improve their overall security postures.

Related: SecurityWeek to Host Cyber AI & Automation Summit