Trends & News

Protect your API Management infrastructure against cyberattacks using AI


Have you ever wondered how to protect your API Management infrastructure against cyberattacks using Artificial Intelligence (AI)? This webinar has you covered! Laura Heritage, Senior Director, Product Line Manager at Axway joins Bernard Harguindeguy, CEO and Founder of Elastic Beam (and now CTO at Ping Identity) host the insightful webinar. In this blog post, we recap how the partnership with Axway and Ping Identity protects against API attacks. Read how APIs and AI can be complementary.

Axway AMPLIFY™ Platform is the data integration and engagement platform providing capabilities for message file transfer, content collaboration and API Management. AMPLIFY API Management is a foundational capability of the AMPLIFY platform enabling hybrid integration.

API Management infrastructure

AMPLIFY API Management provides you with a myriad of possibilities: For starters, you can use API Builder to build microservice based APIs and Orchestration. This allows you to have rapid Rest API creation and orchestration, data connectors with the ability to turn any OAS described service into a connector, and API mockup. Key to the API Management infrastructure solution is the API Gateway,giving you REST SOAP API creation, REST to SOAP transformations and vice versa, Light ESB, along with visual mapper. The API Gateway provides you with over 200 policies in the Axway policy library to secure your APIs. These services help protect your APIs in the full spectrum threats and attacks. Read more how API Management works here.

Further advantages of the API Management system including the ability to visualize and govern your APIs. API Manager contains an API Catalog and provides API Lifecycle Management with simplified policies for your REST APIs such as OAuth and OpenID Connect. The API Manager also includes partner management and the ability to monitor the consumption of your APIs.

Another feature to AMPLIFY API Management is the ability to consume with a customizable API Portal. API Portal provides the following capabilities; branding and customization, self-service onboarding, API Discovery and trial, client APP creation and authorization, client SDK Generator, blogs and forums. Furthermore, you can measure your APIs with the embedded analytics this gives you predictive insights on your technical and business users, API usage and health baselines.

Thanks to AMPLIFY

Thanks to AMPLIFY, you can protect your APIs to their greatest abilities. It’s available in a hybrid cloud format so you can have it in the cloud or on-premise and the Axway cloud. This helps with integration, security, control and acceleration.

Ping Identity’s “PingIntelligence” gives you the capability to drop Artificial Intelligence (AI) based policies into the Axway API Gateway to enable AI based API cybersecurity controls. PingIntelligence complements Axway security by dropping in their AI policies into the Axway API Gateway.

With AI, you can identify cyberattacks on APIs within minutes instead of months or years after being continually attacked and finally revealed by the attacker themselves. Once an attack has been identified you have the option to either automatically block the attack through the Axway API gateway or move the attack to an API Honeypot. PingIntelligence also provides, on top of Axway’s analytics, deep API traffic visibility for Ops, compliance and Forensic reports. By dropping in existing deployment via configuration policy, you have operational simplicity, along with high-scale performance.

APIs are an emerging vulnerability

Together with Axway, Ping Identity works to fight cybersecurity. Cyberattacks can be difficult to detect. But thanks to today’s AI capabilities to recognize hackers and identify the source, you can be protected.

Many reasons come into play as to why API security is such a difficult problem to treat. For one thing, high traffic volumes across many APIs can make it difficult to detect a large mix of inbound client activity, legitimate clients–expected activity used to access API services, high-velocity attackers, attempts to disrupt services, gather content, etc. All these situations come into play.

Hackers with valid credentials can blend in while maliciously accessing API services. The goal of AI-based cybersecurity is to be able to identify these attacks based on machine-learning of how your API is typically used then stopping the attacks. A similar analogy would be how your credit card company knows you can’t be making a purchase in San Francisco the same time you are making a purchase in Dublin Ireland. The credit card company alerts you right away to verify and stop the attack to prevent further damage.