What ChatGPT says about API Detection and Response
The current ChatGPT response to this question is impressive, but does it hit the mark? It is erroneous in many ways and shows that ChatGPT has a long way to go in understanding new technologies like API Detection and Response.
API (Application Programming Interface) detection and response refers to the process of identifying and responding to API calls or requests made to a software application or system.
API detection involves identifying and tracking the incoming API calls and requests to determine the purpose and intent behind them. This is often done through various security tools such as firewalls, intrusion detection systems (IDS), and security information and event management (SIEM) systems.
API response involves the way a system or application responds to the detected API requests. Depending on the security policy and the purpose of the request, the system can either allow the request and provide the desired response, block the request, or challenge the requester for additional authentication.
The goal of API detection and response is to enhance the security of the system by detecting and responding to any malicious or unauthorized API requests, while still allowing legitimate requests to be processed.
What is the History Behind API Detection and Response?
As enterprise security teams shift their focus from protecting well-defined infrastructure to defending a distributed collection of API-accessible application resources, familiar enterprise security market evolution patterns are now repeating.
Consider, for example, how the endpoint security market evolved over time. For years, organizations ran anti-virus software, which was severely limited in its effectiveness and scalability because of several critical flaws:
- Reliance on attack signatures, which were always a step behind the latest attack techniques.
- Assessing only an individual signature match without storing data, ensuring the big picture of endpoint threats taking shape over time was invisible to security teams.
- Operating on the device or endpoint once a signature match occurred, creating performance, usability, and scalability challenges.
How EDR and XDR Changed Enterprise Security
Because of the above limitations, anti-virus gave way to endpoint detection and response (EDR) and eventually extended detection and response (XDR). EDR and XDR improved and revolutionized the effectiveness of endpoint security by orders of magnitude by using several differentiated techniques, including:
- Using true behavioral analytics to detect threats – even if they haven’t been seen previously and modeled into a signature
- Harnessing the power and scale of the cloud to store and analyze data collectively over time to see the bigger picture
- Improving scalability and reducing performance bottlenecks by shifting to a software-as-a-service (SaaS) model
- Providing richer data and tools to support investigations and threat hunting
Applying XDR Concepts to APIs
The first generation of API security technologies has many of the same limitations that plagued antivirus endpoint security for so many years. They also rely heavily on predefined rules and signatures. They also evaluate each request individually and then discard data rather than storing it for analysis. They also are deployed inline, creating a performance and scalability bottleneck as API usage grows.
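As an added illustration of the limitation described above (not code from Neosec or any product), this sketch runs a per-request signature check and a per-entity check over retained history against the same constructed log. The signature list, user names, paths and the `factor` threshold are assumptions made for the example.

```python
import re
from collections import defaultdict
from statistics import median

# Illustrative signatures (assumption; not any product's rule set).
SIGNATURES = [re.compile(p, re.I) for p in (r"\.\./", r"'\s*or\s+1=1", r"<script")]

def build_sample_log():
    """Constructed (user, path) records; not real traffic."""
    log = [
        ("alice", "/accounts/101"), ("alice", "/accounts/101"),
        ("bob", "/accounts/202"), ("bob", "/accounts/203"),
        ("carol", "/accounts/301"),
        ("scanner", "/accounts/1' OR 1=1--"),
    ]
    # One authenticated user reads 40 different accounts; each request is well-formed.
    log += [("dave", f"/accounts/{i}") for i in range(1000, 1040)]
    return log

def signature_hits(log):
    """First-generation style: judge each request alone, retain nothing."""
    return {user for user, path in log if any(s.search(path) for s in SIGNATURES)}

def behavioral_hits(log, factor=5):
    """Stored-history style: distinct objects touched per user vs. the population median."""
    seen = defaultdict(set)
    for user, path in log:
        seen[user].add(path)
    counts = {user: len(paths) for user, paths in seen.items()}
    baseline = median(counts.values())
    return {user for user, n in counts.items() if n > factor * baseline}

if __name__ == "__main__":
    log = build_sample_log()
    print("signature:", signature_hits(log))
    print("behavioral:", behavioral_hits(log))
```

The signature pass flags only the malformed request, while the retained-history pass flags the user whose individual requests all look legitimate.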
While it might be premature to say that traditional application security is dead, the re-birth is underway. The same broad concepts that transformed endpoint security through the transition to EDR/XDR must now be applied to application security in order to mitigate the complex and growing set of threats attacking APIs.
As the founders of Lightcyber – and later as executives at Palo Alto Networks following Lightcyber’s acquisition – the founders of Neosec played a pivotal role in the invention and mainstream adoption of XDR. Neosec was founded with the express purpose of applying XDR concepts to the growing challenge of API security by pioneering a new approach called API detection and response.
How API Detection and Response Works
Neosec is the first API security solution to bring the same attributes that make XDR so effective to APIs, creating a new category called API Detection and Response (ADR). Neosec’s SaaS-based ADR platform uses behavioral analytics to provide unparalleled visibility into API usage:
- Continuously discover new APIs and any updates to existing APIs to create an up-to-date inventory.
- Continuously assess the risk of all discovered APIs, even those not implemented through sanctioned methods.
- Uniquely stitch together the entities involved within all API activity to make context and intent clear across your entire API estate.
- Aggregate all API activity – not just alerts – into a DVR-style timeline view that makes investigations and threat hunting activities faster and more effective.
Similar to XDR products, Neosec’s SaaS platform includes a data lake that retains data for extended periods, enabling more sophisticated analysis and detection. This rich data set is what makes true behavioral analytics possible.
Behavioral analytics provides the detection accuracy and data fidelity necessary to:
- Take automated responses based on detected threats.
- Make it practical for human threat hunters to understand the complete threat landscape and drill deeper into critical threat and risk areas.
And critically, unlike other application security solutions, which don’t provide access to the data that explain the context of their decisions, the Neosec platform isn’t a black box. It provides visibility and detailed explanations of every decision for every entity within your APIs. Neosec explains the ‘why’ in every API attack.
The open nature of the platform is demonstrated by Neosec’s inclusion of an API of its own that makes detailed API activity and contextual information accessible to other tools in the enterprise security and API development tool stacks.
How API Detection and Response Leapfrogs First-Generation API Security
Neosec’s pioneering ADR approach is transforming how enterprises approach the growing challenge of API security. Drawing from first-hand experience in the XDR marketplace, the Neosec team is driving a similar shift in how enterprises approach application security.
The following table summarizes how Neosec’s approach leapfrogs early techniques for protecting APIs in the enterprise.
|Capability||The Old API Security Way||The Neosec Way|
|Deployment||On-premises, with little-to-no data stored in the cloud for analysis||100 percent SaaS-based approach storing detailed historical data|
|API Discovery||Manual effort for each new discovery||Fully automated and continuous approach to discovery|
|API Risk Assessment||Basic assessment such as “sensitive” tag for personally identifiable information. Analysis limited to seven-day aggregates compared to previous seven days.||Details API activity statistics for each day, down to 15-minute resolution.|
|Data Storage and Enrichment||Lacks a scalable data lake. Enrichment limited to basic info like a ‘country’ flag. Data is not anonymized in storage or user interface.||Detailed data stored in cloud-based data lake. IP addresses enriched with more precise location and ASN details. Sophisticated relationship mapping of API entities. Sensitive data tokenized prior to storage and user interface display.|
|Threat Detection||Limited to snapshots of short-term activity only on unauthenticated web APIs.||30 days+ of DVR-style visibility into all API activity including authenticated APIs.|
|Investigation and Threat Hunting||Impossible with lack of data storage. No anonymized data to support outsourced managed threat hunting.||Ability to query all enriched data to support investigations. Data lake and tokenization enable industry-first managed API threat hunting offering.|
Get Started with API Detection and Response Today
Neosec’s 100 percent SaaS-based approach makes getting started with ADR easy. Within hours, you’ll know more about your APIs than ever before and have a strong foundation for applying XDR-style sophistication to your API detection and response efforts.
Visit Neosec.com to request a free trial.