Google Cloud enhances API protection with machine learning abuse detection

With increasing threats to business security and increased application programming interface traffic, Google LLC’s cloud division today announced an API abuse detection dashboard powered by machine learning algorithms.

This new feature extends Google’s Apigee Advanced API Security dashboard to focus on business logic attacks that are notoriously difficult to detect and defend against. This is because they tend to target APIs used for intellectual property, business processes, and sensitive information (products, user data, product listings, financial data, etc.).

Google Cloud product manager Shelly Hershkovitz said in an interview with SiliconANGLE: “So API usage and traffic volumes have increased. For example, the volume of API traffic handled by Apigee on Black Friday and Cyber ​​Monday has increased year-on-year over the past three years, and is projected to increase from 2021 to 2022. 35% increase over time.”

With this increase in traffic comes an inevitable increase in disruption and security threats to APIs. Google Cloud’s latest Google Security Research report notes that 50% of surveyed organizations have experienced an API security incident in the past 12 months, with 77% of those delaying the release of new services and applications as a result. . Imperva’s 2022 report found that these incidents can also be costly, with insecure APIs costing global organizations between $41 billion and $75 billion annually. .

“We focus on business logic attacks such as scraping and anomalies,” said Hershkovitz.

One of the biggest examples of API scraping attacks revealed that in 2021, the information of 530 million Facebook users was exposed on the dark web, a shady corner of the internet that could be accessed with special software. It’s time to At the time, Facebook clarified that this information was collected through “scraping.” Scraping is when an attacker uses legitimate access to an API to download large amounts of sensitive data from it.

This kind of behavior can usually be blocked using rules that limit the number of queries that can be run at once from a particular internet address or API key to thwart potential attacks. However, attackers can use multiple bots, Internet addresses, and more to circumvent rules and safeguards.

The same is true for anomalous or deviant traffic that subverts APIs and gains escalated access, infiltrates networks and attempts to modify or alter data output to other users. This is especially dangerous as it is even harder for surveillance software to detect and the impact can be devastating, especially in regulated industries such as finance.

“A new machine learning model that powers abuse detection for Apigee APIs has been trained by internal teams at Google and is used to protect some of the company’s public APIs,” said Hershkovitz. “So we are bringing them to his Apigee to help our customers keep their APIs more secure.”

Models are trained on years of traffic and threat detection best practices to provide the best capabilities for detecting and modeling what should and shouldn’t happen in API traffic To do. It is particularly good at sifting out alerts designed to detect less sophisticated attacks. This will generate a large number of alerts, many of which are not critical. Or it can help you deal with a large number of bot attacks at once and help your team deal with it. Solve your biggest problems faster.

The dashboard also presents key events with ‘human friendly’ titles that seek to capture key elements of an attack, such as the source of the attack, the APIs affected, and the duration of the attack, using machine learning-powered exploit detection algorithms. will be Enable security teams to respond to events faster.

The dashboard also provides recommendations on how to drill down into the attack, cross-reference it with other similar attacks, and action to remediate the event as quickly as possible.

Image: Pixabay, Google