TIBCO Software Inc., global provider of integration, API management, and analytics, has announced an official partnership with Ping Identity, a provider of Identity Defined Security. Together, TIBCO Cloud Mashery and the PingIntelligence for APIs solution bring seamless, AI-powered protection against new emerging API threats to customers. TIBCO Cloud Mashery is a complete solution for digital leaders, IT leaders, and chief information security officers to invest in API-led, cloud-native transformation for their organisations, with advanced API security at its heart. TIBCO Cloud Mashery He adds, “API products are the building blocks of an organisation’s digital strategy and, as such, cyber-attacks on API programs are more prevalent and sophisticated. Few enterprises, however, take a standardised approach across their company to ensure the security of data and other digital assets, which are exposed via APIs,” said Rajeev Kozhikkattathodi, vice president, product management and strategy, TIBCO. “A number of highly publicised breaches resulted recently. As the API attack surface continues to expand due to the strategic value of APIs, a new generation of threats will similarly continue to emerge. We’re excited to partner with Ping Identity to improve security measures for enterprises with sensitive corporate data.” TIBCO Cloud Mashery offers API security features such as advanced authentication, bot detection, white and blacklisting, and access control to protect APIs from dangerous API consumers. PingIntelligence for APIs complements the solution by enhancing API security with AI-driven threat mitigation, decoy API deception PingIntelligence for APIs PingIntelligence for APIs complements the solution by extending and enhancing API security with AI-driven threat mitigation and decoy API deception. As market leaders in API management and API security respectively, these two solutions work together seamlessly to provide a complete API security offering, especially for businesses that are investing in new digital initiatives, such as banks adopting open banking to deliver a superior customer experience. “Companies' most sensitive digital assets, including their customer data, are increasingly made accessible via APIs, and protecting this infrastructure from abuses and cyber-attacks must be the top priority for CISOs and CIOs everywhere,” said Bernard Harguindeguy, chief technical officer, Ping Identity. “Our partnership with TIBCO brings AI-powered protection to boost the security of API infrastructures and help organisations everywhere secure their data and applications behind APIs.”
Ping Identity, the provider of Identity Defined Security, announces that it has made several significant updates to PingIntelligence for APIs, its AI-powered API cybersecurity solution. These latest enhancements include an AI-based cloud trial, the ability to detect new types of attacks, support for Splunk environments, and additional integration with API gateways. The lack of visibility into how APIs are consumed is becoming commonplace in today’s enterprise environment. In fact, a recent Ping Identity survey conducted among security and IT professionals reveals that 45% of respondents aren’t confident in their organisation’s ability to detect whether a bad actor is accessing their APIs. Detailed traffic information Fifty-one percent aren't even assured their security team knows about all of the APIs that exist in the organisation Fifty-one percent aren't even assured their security team knows about all of the APIs that exist in the organisation. This data illustrates that the people trusted with securing APIs don’t have enough visibility into their activity to identify abuses and attacks, which has contributed to why recent API attacks were not discovered for months. In this latest product update of PingIntelligence for APIs, three important capabilities make protecting APIs, and the data and applications they expose, even more achievable: PingIntelligence for APIs uses AI and machine learning methods to detect, block and report attacks, as well as deliver detailed traffic information for deep visibility into all API activity—which helps secure APIs and the digital assets they connect. To make it easier for organisations to experience this for themselves, Ping now provides a cloud-based intelligence trial. Blocking anomalous behaviour While traditional enterprise security solutions aren’t designed to protect against attacks targeting the unique vulnerabilities APIs present, PingIntelligence for APIs fills these security gaps by detecting, reporting and blocking anomalous behaviour and attacks on each API under its watch. These include attacks on login systems, data theft, remote application control, API-specific DoS/DDoS attacks, stolen credential attacks and more. This update now extends the ability of PingIntelligence for APIs to stop additional threats, such as data exfiltration over extended periods of time This update now extends the ability of PingIntelligence for APIs to stop additional threats, such as data exfiltration over extended periods of time, content scraping, and slow login attacks, along with delivering improved bot detection. In addition this release supports sending threat information to Splunk environments, thereby enabling teams to consolidate attack information across their full security spectrum. Emerging threats PingIntelligence for APIs enhances the security provided by any API gateway by bringing in AI-based threat detection and blocking to their environments. Adding to its current integrations with PingAccess and Axway AMPLIFY, the Ping solution now integrates with the Apigee Edge platform. “Ping is helping some of the world’s largest organisations protect against an ever-diversifying landscape of cybersecurity threats, including those against API infrastructures. Many of the recent API abuses and attacks took months and years to detect, further reinforcing the need for IT leaders to build API-security focused teams,” shared Bernard Harguindeguy, CTO, Ping Identity. “As evidenced by the new advancements to our PingIntelligence for APIs solution, we’re committed to delivering even more leading-edge technology to protect our customers’ API infrastructures against these emerging threats.”
Ping Identity, global provider of identity defined security, has announced that it has been honored with the API World 2018 Award in the “Best in API Security” category. Its AI-driven cybersecurity solution, PingIntelligence for APIs, brings an increased level of security and intelligence into how APIs are accessed and used. PingIntelligence for APIs The 2018 API Awards celebrate technical innovation, adoption and reception in the API and microservices industry. To support judging process, the program leverages an advisory board made up of seven industry veterans. Out of hundreds of nominations, these expert judges selected PingIntelligence for APIs based on three criteria: reputation among the developer and engineering community, recent visibility and awareness, and product innovation. “APIs are increasingly used by hackers to breach organisations and steal data. API infrastructures need strong cyber protection now,” said Bernard Harguindeguy, SVP, Identity Intelligence, Ping Identity. “With our PingIntelligence for APIs solution, organisations of all sizes have the ability to track the use of their APIs and automatically block identified API threats.” Artificial Intelligence and Cybersecurity PingIntelligence for APIs uses artificial intelligence to deliver a high level of visibility and cyber protectionPingIntelligence for APIs uses artificial intelligence to deliver a high level of visibility and cyber protection to any API infrastructure. This applies to internal- and external-facing APIs and for environments with or without API gateways. The solution helps: Autodiscover all active APIs and associated URLs so that none are forgotten or overlooked. Deliver deep visibility into all API activity at scale for forensic or compliance reporting, all actions on APIs are captured and consolidated for easy access. Identify and automatically blocks cyber-attacks that use APIs to compromise data or gain control, with no predefined rules or attack signatures, unlike today’s analytical tools with no API awareness. Prevent hackers from reconnecting after termination when attackers are identified, enforcement nodes automatically block access across all sites and clouds. "Developers and engineers are becoming key influencers in their companies, because the technologies they use continue to matter more to their operations. Ping Identity is empowering developers to have a greater impact on security of products and IT,” said Geoff Domoracki, founder of DevNetwork, producer of API World and the 2018 API Awards.
Ping Identity, the provider of Identity Defined Security, announced the general availability of PingIntelligence for APIs, following its acquisition of Elastic Beam. The AI-powered solution is part of the Ping identity platform and brings an increased level of intelligence into how APIs are accessed and used to protect API infrastructures from cyberattacks, while also delivering deep insight into API activities. “APIs are proliferating throughout all organisations faster than security teams can keep up with them. While APIs benefit digital transformation initiatives, they also are the gateway to everything of value and that has made them a major target for cyber-attacks,” explained Bernard Harguindeguy, SVP, Intelligence at Ping Identity. “PingIntelligence for APIs allows security and DevOps teams to monitor API infrastructures for new APIs, provides audit trails of API traffic, and automatically blocks identified cyberattacks that target data and systems behind the APIs.” Preventing API data breaches The availability of PingIntelligence for APIs help organisations challenged by emerging trends within the API landscape, including: Industry directives such as PSD2, Open Banking and FHIR/HL7 have accelerated the use of APIs to drive interoperability between organisations Industry directives such as PSD2, Open Banking and FHIR/HL7 have accelerated the use of APIs to drive interoperability between organisations in similar industries. As a result, APIs have become a new and growing security risk for all organisations by making it easier for hackers and others to reach into applications and data they expose. According to Gartner, “API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications by 2022.” Demands from enterprises for rapid API integration projects force security teams to build unique policies for each API. This introduces significant complexity and overhead costs, while also hampering the delivery timelines. According to the Cloud Elements State of API Integration 2018 Report, more than 50% of net new API integrations are built in under 30 days. No network reconfigurations required PingIntelligence for APIs is offered via inline and sideband deployment options available for a range of production environments. The sideband option allows the solution to be “dropped in” into existing API Gateway and/or PingAccess deployments with no network reconfigurations.