Thursday, October 29, 2020

- PDT
PRO SESSION (API): Enhanced Platform Protection for API Gateways Through Cognitively Assorted ML Algorithms
Hung Dinh
Dell EMC, Distinguished Member Technical Staff
Matt Frank
Dell Technologies, API Product Manager
Bijan Mohanty
Dell Technologies, Sr. Enterprise Architect
Sabu Syed
Dell Technologies, Enterprise Architect: Data Platform and Integration Strategy

Most API gateways, as the first line of defense and the policy enforcement point, are responsible for a variety of tasks, including security validation, run-time governance and contract enforcement. Besides authentication, authorization and token validation, they must protect enterprise systems from a multitude of security threats such as DDoS/XDoS, code injection, protocol threats, XML injection and others. Most gateways detect these threats with static policies applied to inbound API messages. Gateways also use static policies to enforce user contracts and SLAs.

All these static policy-based methods need to be updated periodically to reflect ever-changing threat vectors. This becomes a hard and cumbersome management activity and always tends to be reactive. Although existing gateways collect a huge amount of transaction metrics, they surprisingly lack robust analytics to dynamically analyze API consumption behavior and patterns. They also act as a mere pass-through layer in most situations and don’t provide much assistance with managing the behavior of the back-end applications. This is where Artificial Intelligence and Machine Learning can play a crucial role: providing deep insight into how APIs are used, detecting anomalies and thereby helping prevent bad incidents before they happen. They can produce comprehensive information for cybersecurity, helping with compliance, governance reports and forensics, to uniquely enhance protection of platforms within IT ecosystems. They can fill the capability gaps in existing API gateways, provide more important analytics on API consumer behavioral patterns, and detect anomalies from both the consumption and the API execution perspective.

The full paper, to be submitted later, will detail a multitude of supervised and unsupervised learning algorithms that can be trained on the metrics already being collected from the API gateway and logging frameworks. The metrics used by the machine learning models include API usage rate patterns, error patterns, payload patterns, etc. These models can then provide a variety of classification operations for rate-limiting decisions and SLA enforcement. They can also detect and predict API consumption anomalies such as DDoS and other security threats, detect back-end application behavior anomalies, and provide predictive analysis of back-end application performance. The models can then work in conjunction with robotic process automation systems to act on the anomalies detected or predicted, performing self-healing before errors occur.