Api security Checklist
Explore behavior analysis and anomaly detection
Yüklə 2,4 Mb. Pdf görüntüsü
|
|
Explore behavior analysis and anomaly detection:
as organizations embrace APIs more rapidly, they quickly realize the need for machine-driven data analytics and behavior analysis to understand normal API consumption and identify attackers abusing APIs. The algorithms must be informed by API metadata as well as API traffic collection, continuously learn, and make decisions dynamically based on the organization’s unique business logic. Machine-driven detection and protection should also be built into a larger platform of services and integration so that an appropriate mitigating action, such as setting a dynamic rate limit for an abusive requester, can be implemented temporarily at the appropriate network ingress of the overall architecture. Even mature organizations with development resources and data scientists quickly hit a wall trying to develop such detection and integration. You will inevitably need to explore API security tooling to fill this gap. Security operations The top 3 recommendations for security operations include: 1. Account for the non-security and security personas involved in the complete API stack 2. Create API-centric incident response playbooks 3. Spare your SOC from burnout by surfacing actionable API events and not dumping data Security operations, or SecOps, capabilities in organizations can be a mixed bag. SOC analysts that are full stack are in very short supply, much like the illusive full stack DevOps or DevSecOps engineer. Specializations in technology stacks and understanding of attack pattern specifics are inevitable if not necessary. This reality of the modern SOC increases the need for collaboration within the SOC but also with other teams within the organization. SOC analysts must often depend on Salt I API Security Best Practices I 25 application development and API protect teams who best know the application architecture and logic of APIs, which becomes critical in digital forensics and incident response. SOCs may also be outsourced to third parties, as in the case of managed security service providers and virtual SOCs, which can further complicate workflow, data feeds, and integration. You will need to emphasize the people and process aspects of SecOps more than technology, and don’t just approach the exercise as “getting a feed into Splunk.” Best practices for security operations include: 1. Yüklə 2,4 Mb. Dostları ilə paylaş:
|