What Is API Detection and Response?
What does ChatGPT say about API detection and response?
ChatGPT answers the question “What is API detection and response?” with the following reply:
API (Application Programming Interface) detection and response refers to the process of identifying and responding to API calls or requests made to a software application or system.
API detection involves identifying and tracking the incoming API calls and requests to determine the purpose and intent behind them. This is often done through various security tools such as firewalls, intrusion detection systems (IDS), and security information and event management (SIEM) systems.
API response involves the way a system or application responds to the detected API requests. Depending on the security policy and the purpose of the request, the system can either allow the request and provide the desired response, block the request, or challenge the requester for additional authentication.
The goal of API detection and response is to enhance the security of the system by detecting and responding to any malicious or unauthorized API requests, while still allowing legitimate requests to be processed.
The current ChatGPT response is certainly impressive, but does it hit the mark? No way. That response is erroneous in many ways and it shows that ChatGPT has a long way to go in understanding new technologies like API detection and response.
What is the history behind API detection and response?
As enterprise security teams shift their focus from protecting well-defined infrastructure to defending a distributed collection of API-accessible application resources, familiar enterprise security market evolution patterns are now repeating.
Consider, for example, how the endpoint security market evolved over time. For years, endpoints could be sufficiently protected with antivirus software, even though those products were limited in effectiveness. Their capabilities only allowed them to:
- Rely on attack signatures
- Assess individual signatures
- Block when a signature match occurs
How EDR and XDR changed enterprise security
Antivirus solutions eventually gave way to endpoint detection and response (EDR) and, later, extended detection and response (XDR), which became critical to protecting endpoint devices. EDR and XDR improved the effectiveness of endpoint security by orders of magnitude through several differentiating techniques, including:
- Using true behavioral analytics to detect threats — even if they haven’t been previously seen and modeled into a signature
- Harnessing the power and scale of the cloud to store and analyze data collectively over time to see the bigger picture
- Improving scalability and reducing performance bottlenecks by shifting to a software as a service (SaaS) model
- Providing richer data and tools to support investigations and threat hunting
Applying XDR concepts to APIs
The first generation of API security technologies has many of the same limitations that antivirus solutions had, because these technologies also rely heavily on predefined rules and signatures. They also evaluate each request individually and are deployed in-line, which is great for defending against external threats but not effective for analyzing API behavior.
The same broad concepts that transformed endpoint security through the transition to EDR/XDR must now be applied to application security to mitigate the complex and growing set of threats attacking APIs.
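The contrast between per-request signature matching and per-entity behavioral analysis can be made concrete with a small detector. This is an added example, not Akamai's code: the events are constructed, the signature set, function names and thresholds are assumptions, and the 15-minute window is an arbitrary choice.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical signature set for the per-request check (illustrative only).
SIGNATURES = re.compile(r"\.\./|union\s+select|<script", re.IGNORECASE)

def build_sample():
    """Constructed events: (minute, api_key, method, path). Not real traffic."""
    events = []
    for window in range(4):          # key-A baseline: 3 orders per window
        for i in range(3):
            events.append((window * 15 + i, "key-A", "GET", f"/api/orders/{1000 + i}"))
    for i in range(40):              # key-A, fifth window: 40 different orders
        events.append((60 + i % 15, "key-A", "GET", f"/api/orders/{2000 + i}"))
    for window in range(5):          # key-B: steady, 4 orders in every window
        for i in range(4):
            events.append((window * 15 + i, "key-B", "GET", f"/api/orders/{3000 + i}"))
    events.append((61, "key-C", "GET", "/api/files/../../etc/passwd"))
    return events

def signature_hits(events):
    """First-generation style: judge each request on its own."""
    return [e for e in events if SIGNATURES.search(e[3])]

def behavioral_alerts(events, window_min=15, sigmas=3.0, min_history=3):
    """Compare each entity's latest window with its own retained history."""
    seen = defaultdict(lambda: defaultdict(set))
    for minute, entity, _method, path in events:
        seen[entity][minute // window_min].add(path)
    alerts = []
    for entity, windows in seen.items():
        order = sorted(windows)
        history = [len(windows[w]) for w in order[:-1]]
        if len(history) < min_history:
            continue                 # too little stored data to model this entity
        latest = len(windows[order[-1]])
        limit = mean(history) + sigmas * max(pstdev(history), 1.0)
        if latest > limit:
            alerts.append((entity, order[-1], latest, round(limit, 1)))
    return alerts

if __name__ == "__main__":
    sample = build_sample()
    print("signature hits:", signature_hits(sample))
    print("behavioral alerts:", behavioral_alerts(sample))
```

Every request from key-A is well-formed and passes the signature check; only the comparison against that key's own earlier windows exposes the jump in distinct resources accessed.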
The founders of Akamai API Security — who also founded LightCyber — played a pivotal role in the invention and mainstream adoption of XDR. This product was built with the express purpose of applying XDR concepts to the growing challenge of API security by pioneering a new approach called API detection and response.
How API detection and response works
Akamai API Security brings to APIs the same attributes that make XDR so effective, creating a new category called API detection and response (ADR). API Security’s SaaS-based ADR platform uses behavioral analytics to provide unparalleled visibility into API usage. With API Security you can:
- Continuously discover new APIs and updates to existing APIs to create an up-to-date inventory
- Continuously assess the risk of all discovered APIs, even those not implemented through sanctioned methods
- Uniquely stitch together the entities involved within all discovered API activity to make context and intent clear across your API estate
- Aggregate all monitored API activity — not just alerts — into a DVR-style timeline view that makes investigations and threat hunting activities faster and more effective
Similar to XDR products, API Security’s SaaS platform includes a data lake that retains data for extended periods, enabling more sophisticated analysis and detection. This rich dataset is what makes true behavioral analytics possible.
The open nature of API Security
Behavioral analytics provides the detection accuracy and data fidelity necessary to:
- Take automated responses based on detected threats
- Make it practical for human threat hunters to understand the complete threat landscape and drill deeper into critical threat and risk areas
And, critically, the API Security platform isn’t a black box; it provides visibility and detailed explanations of every decision for every entity within your APIs, explaining the why in every API attack.
The open nature of the platform is demonstrated by its inclusion of an API of its own that makes detailed API activity and contextual information accessible to other tools in the enterprise security and API development tool stacks.
How API detection and response leapfrogs first-generation API security
Akamai API Security’s XDR approach is transforming how enterprises approach the growing challenge of API security. Drawing on firsthand experience in the XDR marketplace, the Akamai team is driving a similar shift in how enterprises approach application security.
The following table summarizes how Akamai’s approach leapfrogs early application security techniques for protecting APIs in the enterprise.
| Capability | Application security | Akamai API Security | Better together |
|---|---|---|---|
| Deployment | In-line | Out of band; 100% SaaS-based approach storing detailed historical data | Deploy anywhere at scale |
| | Manual effort required for discovery | Fully automated and continuous approach to discovery | Discover APIs anywhere, 24/7 |
| API risk assessment | Risk assessment based on known signatures | Details API activity statistics for each day, down to 15-minute resolution | Stop known API vulnerabilities and assess new risks with behavioral analytics |
| Data storage and enrichment | Data storage and analysis focused on known attack types — not on behavior | Detailed data stored in cloud-based data lake; IP addresses enriched with more precise location and ASN details; sophisticated relationship mapping of API entities; sensitive data tokenized prior to storage and user interface display | Store all forms of API data, including data that contains potential attack information and data that might contain undiscovered threats |
| Threat detection | Limited to snapshots of short-term activity | 30 days of DVR-style visibility into all API activity, including authenticated APIs | Store granular data across time to become acutely aware of threats |
| Investigation and threat hunting | Alert investigations based on previously known API attack types | Ability to query all enriched data, including behavioral data, to support investigations; data lake and tokenization enables industry-first managed API threat hunting offering | Analyze known attack types while conducting detailed threat research on emerging threats using data lake |
Get started with API detection and response today
With Akamai API Security’s 100% SaaS-based approach, it’s easy to get started with XDR. Within hours, you’ll know more about your APIs than ever before and have a strong foundation for applying XDR-style sophistication to your API detection and response efforts.