Risk Management

Ping Identity and Axway webinar wrap-up: API security challenges and solutions

API security challenges

Ping Identity and Axway came together for an absorbing webinar to discuss API security challenges and solutions. The charge was led by Jason Bonds, Vice President of Sales at Ping Identity, along with Dan Tortorici, API Management and Product Solutions Marketing. They discussed how the two solutions connect users to the cloud, mobile and on-premises applications to secure your APIs and data to which they provide access.

The main focus is on the enterprise. Ping Identity has been used globally by large companies to secure their APIs. Axway has over 11,000 customers around the world to leverage the technology in the integration space and customer engagement. Further, Axway helps customers manage their technology needs.

API security challenges

As the two companies discussed, the “API economy is growing at a large and expansive rate.” Ping Identity did a survey to find out how many people use their APIs and found that over “25 percent manage over 1,000 APIs, while 35 percent manage between 400 to 1000.” A problem that exists is that API Growth concerns play into the 45 percent of respondents. They are not confident in their ability to detect a malicious API attack. Further, 51 percent said that were not confident in their security team’s awareness of all APIs. API security challenges are a big concern.

Benefits of rapid growth

The benefits of rapid growth are driving expansion, enhanced alignment, low-cost onboarding and standardized data usage. While APIs provide great information to the user, the downside is that APIs can expose your information–another API security challenge. In the blink of an eye, hackers can get to your information. They can also abuse your APIs, from stolen credentials to a weak gateway, many capabilities can be compromised.

As an example, tens of thousands of malicious apps using Facebook APIs have been compromised. Further, Google, Verizon and the U.S. Postal Service also were compromised to name a few. The list goes on and on. Breaches are unfortunately high. The time it takes to discover you’ve been attacked is a huge problem. At Verizon, it took several months to a year to discover their breach. How can this be? Poor visibility!

Axway and Ping Identity to the rescue!

Axway and Ping Products bring about a solution to this wide-spread problem. They offer capabilities to protect your APIs spread out across the board.

Dan Tortorici from Axway explained that “AMPLIFY is all about bringing solutions to the table for common benefits. User interfaces, resources to learn and share, also available for hybrid deployment.”

AMPLIFY API Management is important to understand because of its digital business value chain. APIs can penetrate several vectors. API teams figure out how to combine them for a seamless transition. (Read more about API Management and API security, not so secure.)

APIs can deliver apps and integrate with other systems. AMPLIFY and API Management addresses all these needs. There are many functionalities to create, manage and govern APIs and consume them. Metrics are important to measure to guide your success. The reason Axway is a strong solution, along with the partnership of Ping Identity, is that you have the two forces together that help provide a strong policy filter. This helps to build these policies with minimal change to get things wrong. Security and policy filters are important to achieve protection.

Access control

Big areas of interest are access control. There are a lot of items in terms of data and identity control that enable Ping Identity to pinpoint high-level threats. Therefore, Axway has partnered with the company to combat API security challenges and cyberattacks.

PingIntelligence for APIs is security and intelligence combined. Intelligence to manage threats to APIs. AI-powered cybersecurity at the highest level. This lists all active APIs with API Auto-Discovery. This is self-learned modeling to identify and block cyberattacks on APIs, data and helps to detect hacking with API Deception (Honeypots). Further, with deep traffic visibility and reporting, you have a high level of protection to cover a cyberattack. A goal of the product is to detect future problems.

A key component is API security

On the AutoDiscovery side, Ping can notify you when problems arise. Hijacking is always a problem. PingIntelligence can identify stolen cookies and deploy APIs that attack probing hackers. From there, hackers are blocked from production to the APIs.

The great thing about Auto-Discovery and deep API activity visibility is that you can automatically discover active APIs. Further, you have deep API traffic visibility, reports on attacks forensics, compliance and DevOps. This system complements the API Gateway Analytics. Also, APIs can integrate with third-party systems.

The Axway and Ping partnership allows for several other security measures to be in place. You’ll have the Gateway protection, as well as PingIntelligence together to combat security issues. It sends metadata to determine AI models to respond back to the Axway Gateway to block attacks.

Multiple deployment options are available—Inline and Sideband. So, you can provide PingIntelligence for a blocking perspective with the following:

*Automated API Discovery (Inline only)

*Deep traffic visibility/reporting

*Automated threat detection and blocking

*API deception and Honeypot, no network/infrastructure changes (Sideband only)

With Axway and Ping Identity, you have a formidable team in place to combat and prevent future cyberattacks.

Learn more how Ping Identity and Axway are solving API security challenges here in this webinar.