Data-driven API Security

Posted on 05-Dec-2014


Description

Standard API security approaches and best practices that harden your APIs can ensure safe and secure operations. However, they may not be enough to protect your backend from sophisticated data exfiltration through API key attacks and low-and-slow data scraping that blends in with your legitimate traffic. Enter data-driven security. This session at I Love APIs 2014 covered how your API data can give you insight into traffic anomalies and security/privacy abuse, and how you can mitigate risks using data-driven API security controls.

Transcript of Data-driven API Security

Data Driven API Security

Subra Kumaraswamy (@subrak), Michael Russo


Don’t Let Your APIs get Naked!


What’s Keeping You Up at Night?

Key Theft

Man-in-the-Middle


Legacy design can also haunt you…


How Are APIs Protected?

[Bar chart with categories OAuth, Quota, Rate Limit and Threat Protection; vertical axis 0 to 90]

Apigee Edge – Take Care of the Basics


Security & Identity Capabilities

Threat Protection

Traffic Protection

Backend Service

Apps

Security for API Consumption

Authentication & Authorization

TLS

Hide the Complexity of API Security


Backend Service

Authentication & Authorization

Identity Services

Logging & Auditing

Security Analytics

Authentication & Authorization

Secure API Exposure

TLS

Apps

Security & Identity Capabilities

Take Security away from Developers


Communication Security

Backend Service

Security for App Developers

Single Sign-On

Developers

TLS

Security & Identity Capabilities

Application Key Security

Configure and Not Code Security


Authentication & Authorization

Identity & Authentication

Data Masking

Logging & Auditing

Security for API Developers

Developers

API Team

TLS

RBAC

Security & Identity Capabilities

Apps

API Data Driven Approach


Am I Secure Now?

Security Policies Configured

Need to rethink traditional coarse-grained security controls

Backend Service

Legitimate Traffic

API Bots

IP Blacklist

Apps


We need a new approach…

Continuous Data Driven API Threat Management


Activity Bursts

Anomalous Behavior Patterns

Data Scraping

Geo Location

Bot

Content Scraping

Information Theft


Analyze API Requests

Tag, Throttle, Block

Detect Anomalies
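The analyze-detect-respond loop sketched on this slide, as an added worked example that is not part of the original deck or of Apigee's product: it parses constructed gateway access-log lines, builds per-API-key features (peak calls per minute, distinct records fetched over a day, distinct client IPs) and maps them onto the three responses named on the slide, tag, throttle and block. The log format, the `/v1/customers/<id>` path, the key names and the thresholds are all assumptions chosen for the example.

```python
"""Data-driven anomaly detection over API gateway logs (added example).

Parses a constructed sample of gateway access-log lines, builds per-API-key
activity features and maps them onto tag / throttle / block decisions.
Log format, key names, the /v1/customers/<id> path and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: ISO timestamp, API key, client IP, method, path, status.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<key>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
ID_RE = re.compile(r"^/v1/customers/(\d+)$")  # assumed record-lookup endpoint

BURST_WINDOW = timedelta(seconds=60)
BURST_LIMIT = 10          # more than this many calls per key in any 60 s window = burst
LONG_WINDOW = timedelta(hours=24)
SCRAPE_DISTINCT_IDS = 25  # distinct records per key within LONG_WINDOW = scraping


def parse_line(line):
    """Return a record dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed line: skip it rather than abort the whole batch
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["status"] = int(rec["status"])
    return rec


def burst_count(times):
    """Largest number of requests inside any sliding BURST_WINDOW (times sorted)."""
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > BURST_WINDOW:
            start += 1
        best = max(best, end - start + 1)
    return best


def profile_keys(records):
    """Per-key features: volume, peak rate, distinct records in a day, distinct IPs."""
    by_key = defaultdict(list)
    for r in records:
        by_key[r["key"]].append(r)
    profiles = {}
    for key, recs in by_key.items():
        recs.sort(key=lambda r: r["ts"])
        times = [r["ts"] for r in recs]
        since = times[-1] - LONG_WINDOW
        ids = set()
        for r in recs:
            m = ID_RE.match(r["path"])
            if m and r["status"] == 200 and r["ts"] >= since:
                ids.add(int(m.group(1)))  # only successful reads leak data
        profiles[key] = {
            "requests": len(recs),
            "peak_per_minute": burst_count(times),
            "distinct_ids_24h": len(ids),
            "distinct_ips": len({r["ip"] for r in recs}),
        }
    return profiles


def decide(profile):
    """Map features onto the slide's responses: tag, throttle or block."""
    burst = profile["peak_per_minute"] > BURST_LIMIT
    scraping = profile["distinct_ids_24h"] >= SCRAPE_DISTINCT_IDS
    if burst and scraping:
        return "block"
    if scraping:
        return "throttle"  # low and slow: each minute looks normal, the day does not
    if burst:
        return "tag"       # a burst alone may be a legitimate batch job: flag for review
    return "allow"


def build_sample_log():
    """Constructed gateway log: a normal key, a bursting key and a low-and-slow scraper."""
    t0 = datetime(2014, 12, 5, 8, 0, 0)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = []
    for i, cid in enumerate([1001, 1007, 1001, 1042]):   # key-A: a few lookups all morning
        t = t0 + timedelta(minutes=30 * i)
        lines.append(f"{t.strftime(fmt)} key-A 203.0.113.10 GET /v1/customers/{cid} 200")
    for i in range(15):                                   # key-B: 15 calls in 30 seconds
        t = t0 + timedelta(seconds=2 * i)
        lines.append(f"{t.strftime(fmt)} key-B 198.51.100.7 GET /v1/customers/1001 200")
    for i in range(30):                                   # key-C: one new id every 10 minutes
        t = t0 + timedelta(minutes=10 * i)
        lines.append(f"{t.strftime(fmt)} key-C 192.0.2.55 GET /v1/customers/{2000 + i} 200")
    lines.append("garbage line that does not match the format")
    return lines


def analyze(lines):
    """Parse, profile and decide; returns {key: (profile, action)}."""
    records = [r for r in (parse_line(l) for l in lines) if r]
    return {key: (p, decide(p)) for key, p in profile_keys(records).items()}


if __name__ == "__main__":
    for key, (p, action) in sorted(analyze(build_sample_log()).items()):
        print(f"{key}: {action:8} {p}")
```

The point of the two abnormal keys is the gap between coarse and data-driven controls: a per-minute rate limit at the gateway catches key-B but never fires for key-C, whose request rate is indistinguishable from key-A's. Only a feature computed over the day, distinct records successfully read, separates the scraper from the legitimate app, and that is the feature the throttle decision keys on.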


Apigee enables:

API security hygiene

Continuous data driven security that scales!

Thank you