F5 Adds More ML Algorithms to Better Secure APIs
F5 this week extended the ability of its cloud security platforms and services to secure application programming interfaces (APIs) by adding additional machine learning (ML) algorithms to make it easier to both discover APIs and apply analytics to identify anomalies.
The enhanced API security capabilities are being made available via the F5 Distributed Cloud Services platform and through a set of managed services the company provides to secure cloud computing environments on behalf of customers.
The F5 Distributed Cloud Services platform is a software-as-a-service (SaaS) offering that, in addition to protecting APIs, also protects web applications by integrating a web application firewall (WAF), bot mitigation, distributed denial-of-service (DDoS) defense capabilities and API protection within a single cloud service.
Brian McHenry, vice president of product management for F5, said given the highly dynamic nature of IT environments, APIs are breeding like rabbits. A recent F5 2023 State of Application Strategy (SOAS) report found 85% of respondents deployed applications and APIs in distributed environments spanning multiple public clouds, as well as in on-premises and edge locations. More than 20% of respondents are deploying applications and APIs in six different environments.
The report also found nearly two-thirds of organizations are prioritizing the use of artificial intelligence (AI)/machine learning, with security as a top use case.
F5 is leaving it up to each organization to determine whether they want to manage security themselves versus relying on F5’s managed services, said McHenry. However, with an ongoing shortage of cybersecurity expertise, interest in managed cybersecurity services is on the rise, he noted.
That lack of expertise is especially chronic when it comes to applications and API security because historically, cybersecurity teams focused more on securing perimeters rather than applications, McHenry added.
In the longer term, application and API security will become higher priorities in the wake of the National Cybersecurity Strategy paper by the Biden administration. The national cybersecurity strategy, among other things, called for more liability for organizations that deploy insecure software. It’s not clear how those proposals might manifest as law just yet, but there’s clearly more focus than ever on securing software supply chains that are made up of thousands of APIs.
Unfortunately, cybercriminals have taken note of the fact that API endpoints are the soft underbelly of enterprise IT environments. Those APIs represent a tempting target because they facilitate data exfiltration; that data can be used to either extort an organization or resold to some other entity. In some scenarios, cybercriminals are reselling data even after ransom demands have been met.
Cloud platforms infused with machine learning algorithms should, theoretically, lead to more secure application environments. Regardless of approach, the way application security is achieved and maintained is changing with the rise of machine learning algorithms and other forms of AI. The only issue now is determining how effective these new capabilities will be as cyberattackers take advantage of the same AI technologies.
