Abstract

 APIs have become the new diamond [part of New Normal as well] of enterprise transformation initiatives and strategy empowering customers, employees, partners, and other stakeholders to access their applications, business, data of their systems.

We see new waves of cyber-attacks from hackers against these enterprise assets and initiatives disrupting the industry from time to time. It is imperative to build robust API security (static, dynamic, AI-driven policies) for large enterprises to serve their customer and stakeholders better to address this. Gartner has predicted by 2022, the most frequent attack vendor for enterprise will be in the space of API.

Enterprises have a solid response to this scenario by having a comprehensive API management solution. APIs are must-have capabilities to govern, control, and access the API ecosystem. However, while building the API strategy, they need also to provide a comprehensive solution around the most sophisticated vector attacks on APIs, thereby implementing static, dynamic, and AI-driven security (around throttling and rate-limiting).

This paper aims to address API management solutions that enterprises should incorporate to address integrity, security, scalability, and API ecosystem availability.

References

[1] From Batter to Cake: Bake your Own Security Model in API Management http://www.ijcttjournal.org/archives/ijctt-v68i10p103
[2] Ping Intelligence (AI pre-trained ) models for API management https://www.pingidentity.com/en/software/pingintelligence.html
[3] Survey on the usage of Machine Learning Techniques for Malware Analysis https://www.researchgate.net/publication/320582721_Survey_on_the_Usage_of_Machine_Learning_Techniques_for_Malware_Analysis
[4] Surendiran,R., and Alagarsamy,K., Privacy Conserved Access Control Enforcement in MCC Network with Multilayer Encryption. SSRG International Journal of Engineering Trends and Technology (IJCTT), 4(5) (2013) 2217-2224.