Google recently announced an API abuse detection dashboard powered by machine learning algorithms.
Advanced API Security, a feature of Apigee API Management, provides a machine learning-powered fraud detection dashboard. This enables customers to quickly detect API security misconfigurations, malicious bots, and malicious activity. Additionally, the model behind the dashboard is trained to detect business logic attacks by internal teams at Google to protect public APIs.
Google Cloud Product Manager Shelly Hershkovitz explains in a blog post:
Business logic attacks are harder to detect using static security policies. This allows attackers to manipulate legitimate functionality to achieve malicious goals without triggering static security alerts.
The dashboard helps filter alerts designed to detect less complex attacks. These attacks often generate non-severe alerts or manage large numbers of bot attacks simultaneously, allowing security teams to more effectively address critical issues.
Additionally, the dashboard presents key events with “human-friendly” titles that seek to capture key elements of an attack, such as the source of the attack, the APIs affected, and the duration of the attack, so that security teams can take action. can. Make your event faster. Additionally, the dashboard provides recommendations on how to drill down into attacks, cross-reference with other similar attacks, and actions to remediate events as quickly as possible.
Security teams can access abuse detections through the Apigee UI, Security Incidents API, or Security Stats API.
Source: https://cloud.google.com/blog/products/identity-security/rsa-announce-api-abuse-detection-machine-learning/
Google has enhanced its API management (ApiGee) service in response to cyberattacks and the resulting increase in losses. The average cost of a data breach is $4.35 million, according to his 2022 data breach report for IBM, mentioned in Hershkovitz’s blog post.
Additionally, regulatory, privacy and cybersecurity expert Sarah Klein wrote in a LinkedIn blog post:
Many companies limit the identification of “data breaches” to incidents defined by various laws or regulatory statements with which compliance is mandated, which is insufficient for the mature data industry. Moreover, as companies increasingly rely on APIs to provide services and products to their customers, or use them internally to automate data processes, security professionals are actively changing their descriptions. , API abuse should be treated as a data breach.
As such, there are companies other than Google that use features such as API abuse detection in their products to improve security. For example, Cloudflare has an API Abuse Detection feature that can monitor your API for out-of-order calls that indicate that the API is likely being abused. Alternatively, it is available from Microsoft through Defender for APIs, which provides full lifecycle protection, detection, and response for APIs.
