Background

As Gartner predicts, by 2022, API abuse will become the most common attack medium leading to data breaches for enterprise web applications,. A large number of black markets will regard API as the preferred attack target for business attacks and data theft. The current security protection system is mainly aimed at protecting the network layer and the application layer, lacking effective security means for the API attacks on the business layer, so that a large number of black markets can attack the API to achieve the goals of gaining benefits, inventory occupation, malicious bidding, drag, account takeover, etc., causing huge economic losses of enterprises.

Security Challenges
Large attack surface and difficult to manage
Enterprises have API services open to the public and will open a large number of business API interfaces to third party and partners. This makes the API exposed on the Internet vulnerable to attack, resulting in a large amount of customer data leakage, and the attack surface is large and difficult to manage.
Increasing business risks caused by API attacks
A large number of black markets can attack the API to achieve the goals of gaining benefits, inventory occupation, malicious bidding, drag, account takeover, etc., causing huge economic losses of enterprises.
Lack of effective security system
The current security protection system lacks effective detection means for dynamic proxy and low-frequency attacks of black market, and will bypass the existing WAF, API gateway and other security equipment strategies. The attack initiated by the API is a logical attack and cannot be detected by the rule engine. At present, lack effective security countermeasures against such logic and low-frequency attacks.
Solutions

By deploying the API security control platform, take the API as the center, manage the API attack surface and data exposure, and comprehensively grasp the business weaknesses. Build API behavior baseline based on Threat Hunter intelligence, effectively identify API attack risk through aggregate analysis of traffic, helping enterprises build API risk situation awareness ability to effectively deal with API risk.

Core Advantages
Auto management of the attack surface

With the high-frequency and real-time iterative API asset identification engine, ensure the effectiveness of API identification, automatically and accurately manage the API attack surface, and grasp the business risk.

Comprehensive defect risk identification

Based on Threat Hunter API attack and defense research and honeypot intelligence, comprehensively cover security issues of OWASP API Top 10 and grasp business risk.

Detect API attack with high accuracy

Build API behavior baseline based on external threat intelligence updated at second level, perform automated cluster analysis of traffic, and identify API attack risks with high accuracy.

Effective blocking API attack risk

Relying on the accurate identification ability, directly link the security equipment to effectively block the attack risk without manual participation after identifying the risk event.

Why Threat Hunter?
Master the overall situation of assets
Establish a full API list covering all unknown and zombie APIs that are not in management.
Improve risk detection capability
The risk monitoring ability is guaranteed through comprehensive monitoring of API assets, defects and risks.
Comprehensive security risk management
Through systematic management and closed-loop of the identified security risks.
Effectively reduce security risks
Relying on the automatic and effective blocking of the ability to accurately identify risks, the security risks are effectively reduced.
Start a trial >