Traceable AI Extends Reach to Combat Fraudulent API Activity
Traceable AI has extended the reach of its application security platform to detect and thwart fraudulent activities enabled by the manipulation of application programming interfaces (APIs).
Richard Bird, chief security officer for Traceable AI, said cybercriminals have become more adept at exploiting APIs used to drive a wide range of transactions. They are employing bots, residential proxies and anonymous virtual private networks (VPNs) to abuse APIs and enable them to hide their identity, he noted.
The Traceable AI platform can surface those attacks by tracking API behavioral patterns, authentication, authorization and other vulnerabilities at the identity layer, said Bird. Those capabilities are enabled using distributed tracing, graph technologies and machine learning (ML) algorithms to extract temporal and spatial patterns from API call sequences to create a digital fingerprint. This, in turn, makes it simpler to identify anomalous behavior.
Cybercriminals are targeting APIs specifically as they are often poorly defended, noted Bird. In many organizations, the cybersecurity team assumes application development teams are securing APIs as they are built and deployed. Conversely, application development teams often assume the cybersecurity teams are securing APIs within the context of an overall application security strategy.
As a result, many organizations have deployed rogue APIs unknown to the security team. There are also so-called zombie APIs that were deployed by a developer and forgotten but are still being used to access data.
Ultimately, cybersecurity teams will be held accountable for securing APIs that continue to exponentially increase as organizations deploy cloud-native applications based on microservices, said Bird. In effect, those APIs are yet another endpoint that needs to be secured, he added. Given the number of APIs that exist and the nuances involved in securing them, it’s easy for cybersecurity teams to become overwhelmed, noted Bird.
Cybercriminals are, of course, as flexible and agile as ever, and it takes cybersecurity teams too long to adjust to tactical changes and the techniques being used by cybercriminals, he added.
As always, it’s not possible to secure that which is unseen so the first order of business for any cybersecurity team focusing on API security is the need to acquire discovery capabilities. The irony of the situation today is that when it comes to API discovery, cybercriminals have better tools at their disposal than most cybersecurity teams.
Hopefully, as more organizations embrace DevSecOps best practices, application security in general, and API security specifically, will improve. Unfortunately, the pace at which APIs are being built and deployed by developers with varying skill levels is going to increase. The amount of technical security debt involving the remediation of insecure APIs may soon approach insurmountable levels. ML algorithms and other forms of artificial intelligence (AI) might one day level an API security field that today decidedly leans in favor of the cyberattacker.