| Field | Value |
| --- | --- |
| License Type | SaaS |
| Feature | Protect |
| Main Product Category | Traceable UI |
| Sub Category | Defense AI |
Question
How do you identify malicious activities? How do you differentiate between normal traffic and unknown, outlier or nefarious traffic?
Answer
The platform uses distributed tracing as its foundation to track, trace and baseline API traffic end to end, from the users through the APIs to the backend. First, activity is attributed to users rather than to transient properties such as IPs and/or device IDs. The platform then learns the API schema automatically by inferring the predictable structure of the traffic. Next, it builds a comprehensive baseline of, among other things, traffic patterns into and out of the APIs, the API interactions, the sequence of API calls and the parameters exchanged.
Based on this baseline, the platform identifies deviations and outliers, including series of deviations. In simplified form, the detection algorithm works as follows: for each API request and response, the platform checks whether each parameter value matches the baseline learned for that specific API request. If it does not, the anomaly is flagged as a possible security event, and it can then be analyzed further against known security patterns.
The platform then tries to answer questions such as: Is it exploiting a backend vulnerability? Is it an isolated attempt? How many such attempts have there been? Is there a pattern of behavior? While the platform specializes in detecting the OWASP API Top 10, it can also replace your WAF and/or RASP by protecting against the traditional attacks in the OWASP Top 10, such as SQLi and Cross-Site Scripting.
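To make the simplified detection algorithm above concrete, here is an added illustrative example (not Traceable's code, and not how its product is implemented): it learns a per-API parameter schema from user-attributed traffic, flags any request whose parameter value has a shape never seen for that API, and keeps a per-user deviation count so an isolated attempt can be told apart from a pattern. The API names, users and traffic records are constructed sample data; `shape()` collapses values to coarse types so the baseline learns a schema rather than a list of literals.

```python
import re
from collections import defaultdict, Counter

# Constructed sample traffic (added example, not page data), already attributed to a user id.
BASELINE_TRAFFIC = [
    {"user": "alice", "api": "GET /orders/{id}", "params": {"id": "1001", "fmt": "json"}},
    {"user": "bob", "api": "GET /orders/{id}", "params": {"id": "1002", "fmt": "xml"}},
]

def shape(value: str) -> str:
    if re.fullmatch(r"\d+", value):
        return "int"
    if re.fullmatch(r"[A-Za-z0-9_-]+", value):
        return "token"
    return "free-text"

class ApiBaseline:
    def __init__(self):
        # api -> parameter name -> set of value shapes observed while learning
        self.schema = defaultdict(lambda: defaultdict(set))
        # per-user deviation count: distinguishes an isolated attempt from a pattern
        self.deviations_by_user = Counter()

    def learn(self, record):
        for name, value in record["params"].items():
            self.schema[record["api"]][name].add(shape(value))

    def check(self, record):
        # Returns the deviations for one request; an empty list means it matches the baseline.
        found = []
        params = self.schema.get(record["api"])
        if params is None:
            found.append(f"unknown API {record['api']}")
        else:
            for name, value in record["params"].items():
                if name not in params:
                    found.append(f"unknown parameter {name}")
                elif shape(value) not in params[name]:
                    found.append(f"{name}={value!r} is {shape(value)}, baseline {sorted(params[name])}")
        self.deviations_by_user[record["user"]] += len(found)
        return found

def run_demo():
    baseline = ApiBaseline()
    for rec in BASELINE_TRAFFIC:
        baseline.learn(rec)
    ok = baseline.check({"user": "bob", "api": "GET /orders/{id}", "params": {"id": "1003", "fmt": "json"}})
    bad = baseline.check({"user": "mallory", "api": "GET /orders/{id}", "params": {"id": "1 OR 1=1", "fmt": "json"}})
    return ok, bad, baseline.deviations_by_user
```

In `run_demo()` the new but well-formed id `1003` matches the learned shape and produces no deviation, while the injection-style id produces one deviation attributed to that user; a real system would then correlate such deviations across requests and users before deciding on blocking.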